[comp.sys.amiga] disallowing unix logins

zerkle@iris.ucdavis.edu (Dan Zerkle) (12/19/90)

> Barry Shein (I think) writes:

> I don't know of any OS, for example, which gives much control over
> when someone can log in.

> Say you have operators with (some) privileges and would rather not
> have them logging in off-shift. Do you know any OS which lets you put
> that kind of logic in? (Oh, under most I can write scripts which
> disable accounts at various times, but I get to monkey around with
> some things which are fraught with peril.)

> (I assume someone will say "so ask them not to log in off-shift", a
> logic I agree with, but just an example.)

This is cake on Unix.  It just takes a little bit of knowledge about
how you get a login....

There is an actual program that logs you in called (logically enough)
"login".  In the password file, there's a field for every user that
says what program is that user's shell.  Normally, this program is
simply the C-shell (or ksh, or sh, or bash, or whatever).  However,
this could be a really short little program I could write in 45 minutes
(5 if you don't count the time looking up system call syntax) which
would first look at the time of day.  If the time is not appropriate,
it just says "sorry" and terminates, logging you out.  If the time is
ok, it replaces its image with some exec call and runs the shell.

There are two catches that I can think of:  The chsh (or whatever)
program lets you change your shell.  You'd have to keep the users from
executing this, either by removing it, changing the suid bit, or
re-writing it to change the shell that gets executed by your
meta-login program.

Other catch:  Users could STAY logged on, after their login time was
up.  You could put something in the crontab to kill any users (this is
slang folks) who stay on past their times.  Of course, this will be
really, really annoying to some users.

Then again, I never heard of any security measure that isn't annoying.

I don't know what the comp.unix hierarchy looks like at the moment,
but redirect your followups somewhere over there.

           Dan Zerkle  zerkle@iris.eecs.ucdavis.edu  (916) 754-0240
           Amiga...  Because life is too short for boring computers.
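
The wrapper shell described in the post above, as an added example that is not part of the original post: it checks the local time and either refuses the login or replaces itself with the real shell. The shift window, the /bin/sh path and the function names are assumptions chosen for illustration; the window check also handles a shift that runs past midnight.

```c
/* Added example: time-gated login shell wrapper (not from the original post). */
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Assumed policy values; a real deployment would read them from a root-owned file. */
#define SHIFT_START_MIN (8 * 60)    /* 08:00 */
#define SHIFT_END_MIN   (17 * 60)   /* 17:00, exclusive */
#define REAL_SHELL      "/bin/sh"   /* assumed path of the real shell */

/* Return 1 if now_min (minutes since local midnight) is inside [start, end).
 * A window with start > end wraps past midnight (e.g. a 22:00-06:00 shift).
 * start == end is treated as an empty window, so a bad config fails closed. */
int in_shift(int now_min, int start_min, int end_min)
{
    if (now_min < 0 || now_min >= 24 * 60)
        return 0;                    /* unreadable clock: deny */
    if (start_min == end_min)
        return 0;
    if (start_min < end_min)
        return now_min >= start_min && now_min < end_min;
    return now_min >= start_min || now_min < end_min;
}

/* Minutes since local midnight, or -1 if the clock cannot be read. */
int minutes_now(void)
{
    time_t t = time(NULL);
    struct tm *lt = (t == (time_t)-1) ? NULL : localtime(&t);
    return lt ? lt->tm_hour * 60 + lt->tm_min : -1;
}

int main(void)
{
    if (!in_shift(minutes_now(), SHIFT_START_MIN, SHIFT_END_MIN)) {
        fprintf(stderr, "Sorry, logins are not permitted outside your shift.\n");
        return 1;                    /* exiting ends the login session */
    }
    /* argv[0] beginning with '-' tells the shell it is a login shell. */
    execl(REAL_SHELL, "-sh", (char *)NULL);
    perror("execl");                 /* reached only if exec failed */
    return 1;
}
```

This gates only the moment of login; the two catches named in the post (chsh, and users who stay logged on past their time) still need their own handling.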