Disableing Loging for Users
I have a workstation were I've installed SuSE 6.4 this workstation get it's /home from a NFS Server; I want to prevent users to login when their home directory is not avaliable (not mounted). Any guideline is welcome Andres Tarallo
I want to prevent users to login when their home directory is not avaliable (not mounted). you could check for a file which only exists on the mounted home and not in the local home. if it doesn't exist, the volume is not mounted and you can kill the loginshell from the loginscript. ok, you could also grep /proc/mounts or use some of the other 100 possibilities to check this ;-) Anyway, /etc/profile would be the best place to check ...
-- _____________________________ Markus Gaugusch ICQ 11374583 markus@gaugusch.dhs.org 161
I want to prevent users to login when their home directory is not avaliable (not mounted). you could check for a file which only exists on the mounted home and not in the local home. if it doesn't exist, the volume is not mounted and you can kill the loginshell from the loginscript. ok, you could also grep /proc/mounts or use some of the other 100 possibilities to check this ;-) Anyway, /etc/profile would be the best place to check ...
Not necessarily. Reading /etc/profile can be circumvented with ssh logins.
There is a switch in /etc/login.defs, the last item:
#
# Should login be allowed if we can't cd to the home directory?
# Default is yes.
#
DEFAULT_HOME yes
Again, since ssh does not use /bin/login, you'd have to check if it works
with ssh, too.
The profile thing is a good idea, too. I'd solve it like this:
case "$LOGNAME" in
nobody|root|wwwrun|mysql|news)
;;
*)
case "$HOME" in
/home/*|/var/home/*)
;;
*)
exit 1
;;
esac
esac
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Edit /etc/login.defs there is this line. # # Should login be allowed if we can't cd to the home directory? # Default is yes. # DEFAULT_HOME no I think this will solve your problem. Noah.
participants (4)
-
Andres Tarallo
-
Markus Gaugusch
-
Roman Drahtmueller
-
semat@wawa.eahd.or.ug