SUMMARY: telnet session quotas

From: Hector Davie (hector@tell.ascom.ch)
Date: Mon Feb 01 1999 - 02:24:20 CST


I asked if anybody knew a way of limiting, on a per-user basis, the number
of simultaneous telnet sessions a user might open. Thanks to all who replied.

The majority of replies suggested looking at idled - which can also kill
sessions which have gone on too long. Details at:

http://www.darkwing.com/idled/

One person suggested using the ulimit shell function, and another
suggested modifying users' login scripts: this would be difficult to
implement securely.

It was suggested that the telnet daemon configuration files allowed
limits to be set.

Marcos Assis Silva provided a script which he had at the beginning of
/etc/profile:
===========================================================================
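# Per-user limits, one "<user> <max>" entry per line; 0 means unlimited.
LOGINTAB="/etc/logins.table"
# Require a blank after the name so that "he" matches only the user "he",
# not every longer name that begins with "he"; use the first entry found.
LOGINMAX=`tr -s "\011" " " < "$LOGINTAB" | grep "^ *$LOGNAME " | \
          sed -e 's/^ *//' | cut -f2 -d' ' | head -1`
# Users who are not listed get a limit of one session.
[ -z "${LOGINMAX}" ] && LOGINMAX=1
# Terminal line of this login shell.
TTY=`ps -p $$ | grep -v PID | tr -s "\011" " " | cut -f3 -d' '`
echo "You are logging in at line $TTY ..."
# Lines of this user's other sessions (whole-field match on name and tty).
LOGINDEV=`/usr/bin/w | tr -s "\011" " " | grep "^$LOGNAME " | \
          grep -v " $TTY " | \
          cut -f2 -d' ' | tr -s "\012" " "`
if [ "$LOGINMAX" -ne 0 ]
   then
         LOGINCNT=`echo $LOGINDEV | wc -w 2> /dev/null`
         LOGINCNT=`expr ${LOGINCNT:-0} + 0`

         # -ge rather than -eq: also refuse when the user is already over
         # the limit (for example after the limit was lowered).
         if [ "$LOGINCNT" -ge "$LOGINMAX" ]
            then
                  /usr/ucb/logger -p daemon.notice -t PROFILE \
      "Denied login - user <$LOGNAME> - lines $TTY and $LOGINDEV"
                  echo "You are already logged in [$LOGINDEV] ..."
                  sleep 3
                  # Kill this login shell.
                  kill -KILL $$
            fi
   fi

# Login allowed: tell the user about any other sessions and log them.
[ ! -z "${LOGINDEV}" ] && \
echo "You are already logged in at line(s) $LOGINDEV ..."
[ ! -z "${LOGINDEV}" ] && /usr/ucb/logger -p daemon.notice -t PROFILE \
   "Multiple logins - user <$LOGNAME> at lines $TTY and $LOGINDEV"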

===========================================================================
/etc/logins.table just says:

root 0
he 3
she 2
===========================================================================

Renewed thanks to:

Tony C. Wu <tonywu@att.net.tw>
Eric D. Pancer <eric@outlook.net>
Douglas Sean Hagan <shagan@hera.wku.edu>
Ameet Chaubal <achaubal@admin.tavsnet.com>
Kevin Sheehan <u-kevin@megami.veritas.com>
Harry Ford <hford@marketnews.com>
Karl Vogel <vogelke@c17mis.region2.wpafb.af.mil>
Lukas Karrer <lkarrer@trash.net>
Marcos Assis Silva <assis@uel.br>
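
Added example, not part of the original post or of anyone's reply: a check in /etc/profile only runs inside the user's own login shell, so a root-run audit of who(1) output against the same /etc/logins.table format gives an independent view of who is over quota. The function names, the user "helen" and the who(1) sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sessions against the page's /etc/logins.table format
# ("<user> <max>", 0 = unlimited, unlisted users default to 1).

# over_quota TABLE [WHO_FILE]: print "user sessions max" per offender.
# WHO_FILE is saved who(1) output; without it, who(1) is run directly.
over_quota() {
    if [ -n "$2" ]; then cat "$2"; else who; fi |
    awk -v table="$1" '
        BEGIN {
            # Load quotas; whole-field match on the user name, first entry wins.
            while ((getline line < table) > 0) {
                if (split(line, f) < 2 || f[1] ~ /^#/) continue
                if (f[2] ~ /^[0-9]+$/ && !(f[1] in quota)) quota[f[1]] = f[2] + 0
            }
        }
        NF >= 2 { sessions[$1]++ }      # one who(1) line per session
        END {
            for (u in sessions) {
                max = (u in quota) ? quota[u] : 1
                if (max != 0 && sessions[u] > max) print u, sessions[u], max
            }
        }' | sort
}

# Constructed sample data, so the example runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root 0' 'he 3' 'she 2' > "$d/logins.table"
    cat > "$d/who.out" <<'EOF'
root    console  Feb  1 08:00
root    pts/0    Feb  1 08:01
he      pts/1    Feb  1 08:05
he      pts/2    Feb  1 08:06
helen   pts/3    Feb  1 08:10
helen   pts/4    Feb  1 08:11
she     pts/5    Feb  1 08:20
she     pts/6    Feb  1 08:21
she     pts/7    Feb  1 08:22
EOF
    over_quota "$d/logins.table" "$d/who.out"
    rm -rf "$d"
}

demo
```

In the sample, "he" stays within its limit of 3 while "helen" is judged against the default of 1, which is the distinction a prefix match on the user name would lose.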


