Re: Limit user login to only one time ever

From: drumstik (root@127.0.0.1)
Date: 05/18/02


From: drumstik <root@127.0.0.1>
Date: Sat, 18 May 2002 05:48:34 GMT

On Sat, 18 May 2002 00:46:06 -0400, Kasper Dupont wrote:

> drumstik wrote:
>>
>> On Fri, 17 May 2002 13:30:31 -0400, Christian Patterson wrote:
>>
>> > I don't expect I'll find what I'm looking for, and imagine that only
>> > one simultaneous used ID login with a periodic cron job to clean up
>> > ID's, will be the answer.
>> >
>> > I appreciate any and all thought or comments.
>>
>> Edit your .bash_logout (or whatever, depending on shell):
>>
>> sudo usermod -s /dev/null crafty
>
> That would be a way, but the user could change the .bash_logout file or
> kill the shell so it doesn't execute .bash_logout. And he could also
> make multiple logins at the same time.

Hm, you could perhaps write a perl wrapper

#!/usr/bin/perl

our %users;

#read list of uids from file, followed by 0
#0 for login or 1 for no login

if (%users{$<} == 0) {
        %users{$<} = 1;
        system("/bin/bash");
} else {
        die "You aren't allowed\n";
}

die "Goodbye\n";

#write the users back to the file
#end

> I'd rather do something from .bash_profile like changing the shell
> and/or the password.

Call that myshell.pl and then perlcc it (just for speed and such), and
set it non-writable and make it your users' shell.

Just out of curiousity, why won't one-use passwords work?
 
> But with ssh/scp there are ways to use the system without using shell
> and password. I don't know how to handle that.
 
AFAIK ssh is quite shell-based, and scp could be disabled.

-- 
drumstik
www.ameriphreak.com
http://phreaks.freeshell.org/files/valuhackAdv.exe 
http://valuhack.sourceforge.net



Relevant Pages

  • RE: SSH Tunneling without console login
    ... > that the command will also login onto PC2. ... > not give a shell prompt, ... I only need SSH ... > tunneling purposes, i login to the remote server ...
    (SSH)
  • Environment Poisoning and login -p
    ... login -p can be used to propagate environment flags ... in order to trojan the user shell of the target account. ... I will note that in -CURRENT, both "nologin" and /bin/sh ...
    (FreeBSD-Security)
  • Re: $PATH and /etc/profile
    ... If you run startx ... >> starting X from a login shell. ... > to detach from the console and allow you to continue working on the ... how to propery setup their shell environment. ...
    (Debian-User)
  • Re: xsession file
    ... The login managersxdm and kdm do not run a login shell, so .profile, ... In that xsession file load *the same shell* as your ...
    (Debian-User)
  • Re: change $PATH system-wide?
    ... Xsession script uses /bin/sh and does not know what shell you will be ... To set PATH at the graphical login you should put it in your ... environment scripts or a bug with the selected window manager. ...
    (Debian-User)