SCO Unix, Xenix and ODT General FAQ

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

How do I restrict logins on SCO Unix?

For some reason, I often get requests to limit users to one login. I guess the people asking such questions have a reason for wanting to restrict logins this way. The only way to do it is to add a script to either /etc/profile or the particular user's .profile that tests to see if this user is logged in somewhere else. Something like this in /etc/profile will work:

IAM=`who am i | cut -d" " -f1`
COUNT=`w | cut -d" " -f1 | grep "^$IAM$" | wc -l`
[ $COUNT -gt 1 ] && exit 0

Similar tricks can restrict a user to a particular tty:

IAM=`who am i | cut -d" " -f1`
TTY=`tty`
[ $TTY != "/dev/tty07" ] && [ $IAM = "tony" ] && exit 0

Another method is to give tty1a a dialup password (it doesn't matter whether or not it really is a dialup) and just give that person or persons the password. That's a better solution if there are multiple people allowed to use that terminal. You create dialup passwords with "passwd -m" and by listing the protected line in /etc/dialups (again, it does NOT have to be a dialup device).

Linux has a similar concept. See 7.6 Dial-up passwords and dpasswd.

And then there's always restricting login to root: put this in /etc/profile

IAM=`who am i | cut -d" " -f1`
[ -f /etc/nologin ] && [ $IAM ] && [ $IAM != "root" ] && exit 0

When you need to restrict logins, just "touch /etc/nologin"; remove it when the need is over.

IN ALL CASES YOU HAVE TO CONSIDER THE EFFECT OF SINGLE USER LOGIN. Tests like this can prevent you from logging in from the CTRL-D single user mode prompt because "who am i" and similar commands will return nothing. Avoid that by using "who -r" to test the run level.

You can restrict root to a particular device by adding a line like

CONSOLE=/dev/tty01
 

to /etc/default/login (se "man M login").

ALWAYS CHECK THAT YOU STILL CAN LOGIN after adding anything to /etc/profile! Do this BEFORE you log out! It's very easy to screw up and lock yourself out, necessitating a single-user mode reboot.



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> (SCO Unix) How can I restrict logins to one session?

1 comment



Increase ad revenue 50-250% with Ezoic





Wed Aug 13 03:14:55 2008: 4486   lelajels


also check (link) by lrojask

If you get errors on SCO, just comment the read statement or fix it if you prefer to prompt for a key

------------------------
Kerio Samepage


Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





Just because they've sold you an IP based phone system doesn't mean they know anything about IP, does it? (Tony Lawrence)





This post tagged:

FAQ