To restrict a user to only one active login,
change that user's shell to some "wrapper" which implements
one-at-a-time locking. That will give the added benefit
of preventing said user from forking shells via 'xterm'.
(And, sure, they could change the shell,
but they'd need to know HOW, and
I learned long ago that weeks of work can frequently save you hours of time in
the library.
Jon
(Side note: basically, they're reinventing JES and file catalogs because
they can't be bothered to spend 20 minutes in the library RTFMing about
all the work done in the last 30+ years on *exactly
> Thanks for all the good ideas. My build process is not CPU intensive, I
> don't need Grid or multi processors.
Grid technology doesn't automatically imply that the process is CPU
intensive. The Globus toolkit includes a lot of things that are just as
useful for single systems -- batch schedul
> No, google was not a sarcastic answer. Google.com/linux was
> a better search method than regular google. Found many good
> starting points at kernel.org.
>
Dude, this is awesome! Didn't know about google.com/linux. I'm not sure
which is more accurate yet, this one or just adding "linux" as a
r/PAM solution, it is good to learn.
I will save the info.
From: David Boyes <[EMAIL PROTECTED]>
Reply-To: Linux on 390 Port
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Restrict user to only one active login
Date: Wed, 18 May 2005 17:27:40 -0400
> There is a multi step build/backup procedure
No, google was not a sarcastic answer. Google.com/linux was a better search
method than regular google. Found many good starting points at kernel.org.
From: Leland Lucius <[EMAIL PROTECTED]>
Reply-To: Linux on 390 Port
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Restrict user to only one
You could do something in /etc/ssh/sshrc, as that exit is called by
sshd during login and before the user gets control.
logons=`who | grep "^$USER " | wc -l`
if [ "$logons" -gt 1 ]; then
    :  # body of the check is not preserved in this excerpt
fi
Ronald van der Laan
--
For LINUX-390
> There is a multi step build/backup procedure that only one person should be
> running at a time. The idea was to restrict the build scripts to only one
> user. Then allow the build UID only one login at a time.
Couple of ideas:
1) Use NQS (Networked Queue System) to do the builds. Think o
Quoting Benjamin White <[EMAIL PROTECTED]>:
> Thanks for the step by step solution, I knew PAM was the security module,
> but never dug into it.
>
> I will start digging. Besides TLDP.org, any other good resources?
>
Google? :-) Oh, yea...man? (hehehehe, just kidding) Actually, I couldn't
fin
On May 18, 2005, at 3:56 PM, Benjamin White wrote:
There is a multi step build/backup procedure that only one person should be
running at a time. The idea was to restrict the build scripts to only one
user. Then allow the build UID only one login at a time.
A "lock" file may be left locked and ne
Quoting Tom Duerbusch <[EMAIL PROTECTED]>:
> With the 'useradd' command, the option '-o' specifies to allow
> "duplicate non-unique" userids.
>
> I assume that means to allow multiple signons of the same userid.
>
That allows more than one user NAME to have the same UID:
sosaatm:/etc # useradd -o
Thanks for the step by step solution, I knew PAM was the security module,
but never dug into it.
I will start digging. Besides TLDP.org, any other good resources?
From: Leland Lucius <[EMAIL PROTECTED]>
Reply-To: Linux on 390 Port
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Restrict user t
> -Original Message-
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On
> Behalf Of Tom Duerbusch
> Sent: Wednesday, May 18, 2005 4:02 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: Fw: [LINUX-390] Restrict user to only one active login
>
>
> With the
With the 'useradd' command, the option '-o' specifies to allow
"duplicate non-unique" userids.
I assume that means to allow multiple signons of the same userid.
It doesn't make sense that it would allow you to create multiple "same"
userids...right? So I take a guess that it means at signon time.
mplete the procedure.
Maybe a real make file is needed, but it would be complicated.
Does anyone have a better idea?
From: Adam Thornton <[EMAIL PROTECTED]>
Reply-To: Linux on 390 Port
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Restrict user to only one active login
Date: Wed, 18 May 2005 15:15:43
Quoting Benjamin White <[EMAIL PROTECTED]>:
> How can a user be restricted to only one login at a time?
>
How's this look?
May 18 15:45:17 sosaatm sshd[1101]: Accepted publickey for sysadmin from
:::10.11.2.55 port 1543 ssh2
May 18 15:45:33 sosaatm sshd[1123]: Accepted publickey for sysadmin
From: Adam Thornton <[EMAIL PROTECTED]mine.net>
Sent by: Linux on 390 Port
To: LINUX-390@VM.MARIST.EDU
cc:
Subject: Re: [LINUX-390] Restrict user to only one active login
day, May 18, 2005 4:06 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: [LINUX-390] Restrict user to only one active login
>
>
> It would strike me that this would be almost trivial to sneak into the
> pam.d stack...
>
> ...except that I seem to recall that SSH doesn't
On May 18, 2005, at 3:05 PM, John Campbell wrote:
It would strike me that this would be almost trivial to sneak into the
pam.d stack...
...except that I seem to recall that SSH doesn't pay much attention to
that.
I would suggest getting the source to OpenSSH's sshd daemon and
figuring
out how to sn
IL PROTECTED]mail.com>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]
To: LINUX-390@VM.MARIST.EDU
cc:
Subject: [LINUX-390] Restrict user to only one active login
How can a user be restricted to only one login at a time?
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlv