ijk@cbnewsh.att.com (ihor.j.kinal) (05/30/90)
> In article <979@sixhub.UUCP> davidsen@sixhub.UUCP (bill davidsen) writes: > I want to enable login to a certain userid only during certain times. >Assume that cron can run a program to enable or disable, and that I can >do this as root if need be. Given that, is there an elegant way to >enable a login only during certain times, and to do so in a way which >doesn't lead to possible timing problems or other system uglyness, such >as editing the password file directly? I would consider making the permissions of the user's home directory as 000 - this should prevent the user from logging in; if not, then mv the dir to a holding area. If you don't have a home directory, then you can't log in, at least on all the systems I've worked with. [All non-BSD, but I imagine that they should be the same]. #include standard disclaimers. Ihor Kinal att!cbnewsh!ijk
res@cbnews.att.com (Robert E. Stampfli) (06/01/90)
> I want to enable login to a certain userid only during certain times. >Assume that cron can run a program to enable or disable, and that I can >do this as root if need be. Given that, is there an elegant way to >enable a login only during certain times, and to do so in a way which >doesn't lead to possible timing problems or other system uglyness, such >as editing the password file directly? Why *not* modify the password file? To turn an account "xyz" off: /bin/echo '/^xyz:/s/:/:NOLOG/\nw' | /bin/ed /etc/passwd To turn it back on: echo '/^xyz:/s/:NOLOG/:/\nw' | /bin/ed /etc/passwd -- Rob Stampfli / att.com!stampfli (uucp@work) / kd8wk@w8cqk (packet radio) 614-864-9377 / osu-cis.cis.ohio-state.edu!kd8wk!res (uucp@home)
louie@sayshell.umd.edu (Louis A. Mamakos) (06/02/90)
In article <1990May31.172936.10030@cbnews.att.com> res@cbnews.att.com (Robert E. Stampfli) writes: > >Why *not* modify the password file? To turn an account "xyz" off: >/bin/echo '/^xyz:/s/:/:NOLOG/\nw' | /bin/ed /etc/passwd What happens if someone else is trying to modify the password file (changing their password, adding a user, etc)? Someone's going to lose. You'll have to obey whatever locking convention is used on your particular platform to arbitrate access to /etc/passwd to make this work reliably. louie
det@hawkmoon.MN.ORG (Derek E. Terveer) (06/06/90)
In article <1990May29.194446.12623@cbnewsh.att.com> ijk@cbnewsh.att.com (ihor.j.kinal) writes: > I would consider making the permissions of the user's home directory > as 000 - this should prevent the user from logging in; if not, then > mv the dir to a holding area. If you don't have a home directory, then > you can't log in, at least on all the systems I've worked with. > [All non-BSD, but I imagine that they should be the same]. On sun os systems, which are bsd derivitives, if a user attempts to login without a home directory, they *are* allowed to login and are plopped into "/", i.e., root. derek -- Derek Terveer det@hawkmoon.MN.ORG
dik@cwi.nl (Dik T. Winter) (06/09/90)
In article <1990Jun6.081403.10065@hawkmoon.MN.ORG> det@hawkmoon.MN.ORG (Derek E. Terveer) writes: > On sun os systems, which are bsd derivitives, if a user attempts to login > without a home directory, they *are* allowed to login and are plopped into > "/", i.e., root. > The correct behaviour in my opinion. When I login onto a sun and get plopped into "/", I know there might be a network problem (my home directory is on a file server that can be down). If a login would be refused I might try multiple times and still not understand what the problem is. Moreover, even if I get plopped into "/" on occasion I can still get work done, because I can use an NFS mounted directory from another machine. And lastly, most often my home directory is not available because of problems in the auto mounter, and a simple reset of the auto mounter helps. -- dik t. winter, cwi, amsterdam, nederland dik@cwi.nl
dme@doc.ic.ac.uk (Dave Edmondson) (06/11/90)
In article <1625@charon.cwi.nl> dik@cwi.nl (Dik T. Winter) writes:
dik> often my home directory is not available because of problems in the auto
dik> mounter, and a simple reset of the auto mounter helps.
come surely you jest ? problems with the automounter ?
;-)
dik> dik@cwi.nl
dave.
--
Dave Edmondson
Department of Computing, Imperial College, 180 Queen's Gate, London SW7 1BZ UK
phone: 071-589-5111 x5085 fax: 071-581-8024
dme@doc.ic.ac.uk, ..!ukc!icdoc!dme, dme@athena.mit.edu
tr@samadams.princeton.edu (Tom Reingold) (06/11/90)
In article <1990Jun6.081403.10065@hawkmoon.MN.ORG> det@hawkmoon.MN.ORG (Derek E. Terveer) writes: $ On sun os systems, which are bsd derivitives, if a user attempts to login $ without a home directory, they *are* allowed to login and are plopped into $ "/", i.e., root. That's not the point. I think you are responding to someone whose suggestion was to make the home directory owned by root and *unreadable* and *unwritable* to the user. The question is, would *this* prevent a login? -- Tom Reingold tr@samadams.princeton.edu rutgers!princeton!samadams!tr 201-560-6082
merlyn@iwarp.intel.com (Randal Schwartz) (06/11/90)
In article <234@rossignol.Princeton.EDU>, tr@samadams (Tom Reingold) writes: | In article <1990Jun6.081403.10065@hawkmoon.MN.ORG> det@hawkmoon.MN.ORG | (Derek E. Terveer) writes: | | $ On sun os systems, which are bsd derivitives, if a user attempts to login | $ without a home directory, they *are* allowed to login and are plopped into | $ "/", i.e., root. | | That's not the point. I think you are responding to someone whose | suggestion was to make the home directory owned by root and | *unreadable* and *unwritable* to the user. The question is, would | *this* prevent a login? I think <det> answered that, as in "it wouldn't matter". If you cannot cd to your home directory (as denoted in /etc/passwd), you get "/". If you *can* cd there, it doesn't matter that you cannot read it. I can spend *weeks* logged in without ever writing into my home directory, so making it unreadable and unwritable is ineffective. If necessary, I'd just "setenv HOME /tmp", to keep the programs that want to write into the home directory happy. Just another UNIX hacker, -- /=Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ==========\ | on contract to Intel's iWarp project, Beaverton, Oregon, USA, Sol III | | merlyn@iwarp.intel.com ...!any-MX-mailer-like-uunet!iwarp.intel.com!merlyn | \=Cute Quote: "Welcome to Portland, Oregon, home of the California Raisins!"=/
guy@auspex.auspex.com (Guy Harris) (06/13/90)
>That's not the point. I think you are responding to someone whose >suggestion was to make the home directory owned by root and >*unreadable* and *unwritable* to the user. The question is, would >*this* prevent a login? No. I just tried it, and it dumped me into my current directory; I still had search ("execute") permission on it. In fact, making the home directory owned by root and unreadable, unwritable, *and* unsearchable by the user *still* doesn't prevent a login! I tried it, and it just dumped me into "/".