LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   AIX (https://www.linuxquestions.org/questions/aix-43/)
-   -   shell script to automatically kill user on a server (https://www.linuxquestions.org/questions/aix-43/shell-script-to-automatically-kill-user-on-a-server-694382/)

vathsan 01-02-2009 12:23 AM

shell script to automatically kill user on a server
 
Hi All

I work as a AIX administrator maintaining 20 AIX servers. We create NIS users on a single server which spreads user accounts on other servers. I would want to restrict a particular user from logging into a specific workstation. This is not acheivable as the user account was created using NIS and the user account is common to other servers/workstations.

Please let me know how I can effectively stop the users from logging into a particular server which he/she should not access.

Alternatively, can we write a shell script which monitors particular user account logins and automatically kills user's process on the particular workstation and put this is cron for repititive action.
Kindly, help me in suggesting a shell script to acheive this request.


Thanks in advance!

- Vathsan.

zQUEz 01-02-2009 05:51 AM

You didn't mention how this person is logging on, so I am going to assume they are logging on via SSH.
Therefore what about using the "DenyUsers" option under /etc/ssh/sshd_config ?

Another option (and I am not the strongest AIX admin), but you could have a script that runs every so often that checks /etc/security/user and adds the line "login = false" under the code block for this particular user.

If you wanted to go the route of killing the active user, you could ps for the sshd of the user login name, and then kill that PID.

vathsan 01-05-2009 10:50 PM

Hi

Thanks for your wonderful inputs. I managed to fix the issue by writing a small shell script to monitor username and to kill the process.

ps -aef | grep <username> | awk '{printf("kill -9 %d\n",$2)}' | sh

I was not able to find any entries on /etc/ssh/sshd_config to mention Denyusers in the file. Also, the user is not specific to particular server (ie. NIS user) so user's information will not be available in /etc/security/users file.


Cheers!

- Vathsan.

zQUEz 01-06-2009 03:22 AM

DenyUsers is an option that isn't mentioned in the default sshd_config, though is in the man page.
However, if you're happy with the ps monitoring script then that is what counts.


All times are GMT -5. The time now is 04:10 PM.