Is it possible to have only 1 user signed in at a time or only allow console Sign Ins
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is it possible to have only 1 user signed in at a time or only allow console Sign Ins
1) Can i have only one user signed in at a time? If so, how?
I dont want multiple users signed in.
2) Can I setup my system to only allow signin via console, not from anywhere else? If so, How?
I only want console access which means the only person that can log onto my system, is the person PHYSICALLY using it.
Thanks and sorry if my questions are a little out of the ordinary.
For controlling tty's for root look in /etc/securetty, for users in /etc/usertty, and then look in /etc/security, for access.conf and the other conf's in there to allow logins by host, time, period (also $TMOUT).
I've never seen a way to exclusively lock out other users tho, except for /etc/nologin, and that ain't "interactive" IIRC). Only root or root-owned processes have caps to control restrictions, ie, I don't think a user-process could deny another user's login.
I just answered this question over at Tek-Tips . You can control user access with /etc/login.access file, specifying which users can login and from where remote host or specify tty device.
A record in this file consists of three colon:delimited fields: a plus (+) or minus (-) sign indicating whether users are allowed access, usr login names allowed access and the remote system or temintal from which they can login.
example
+:joe:bilbo.shire.org
You can list more than one user or location. You can also use the ALL option in place of either users or locations to allow access by all users and locations. The ALL option can be qualified with the EXCEPT option to allow access by certain specified ones. the following entry allows any user to log into the system using the console except for Frodo and Sam
You +:ALL EXCEPT frodo sam : console
so going by that solution, hw can you stop anyone else logging in? restricting those logging in is fine, but i guess the desired solutino is that any known user can log in, but no one else can when someone already is... presumably you could automate login.access, re-writing the file when a user logs in and out...?
I would assume if you wanted to restrict logins to a particular set of persons you would do:
-:ALL EXCEPT frodo sam : console
Which would say "restrict (-) ALL EXCEPT frodo and sam, from logging in on the console (or whatever tty or remote host you wish. That's an assumption on my part, but it makes sense to me. Works kinda like a hosts.deny and hosts.allow file only in just one place.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.