Re: Restricting a user to console logins only

From: Anthony Valentine <amv@akvalentine.com>
Date: Mon Aug 29 2005 - 08:54:11 AKDT

Joshua Kugler wrote:

>I've done some googling and some bash scripting experimentation, and haven't
>found what I'm looking for. Is there an easy to to restrict a user to
>logging in to the console *only*? For reboot/maintenance purposes I need a
>user (besides my personal user account) that can log into the console, and
>then us to root. But, I don't want that user to be able to ssh in. I'm sure
>it's possible, I just haven't found out how.
>
>j----- k-----
>
>
>
Try the 'tty' command in your bash scripting. On my PC here, a local
console login comes back as /dev/vc/XX where vc means Virtual Console.
Remote ssh connections come back as /dev/pts/XX. You should be able to
check this at login and disallow it if 'tty' reports the teminal is a
pts device.

Sample code below not tested!

#!/bin/bash
### Trap and ignore these signals
#######################
#trap "" 1 2 3
#######################

### Check for pts at login and exit if found (unless excluded)
#######################
TTY=$(tty | cut -f3 -d/)
if [ "${TTY}" ="pts" ] && [ "${USER}" != "jkugler" ]; then
    echo "NO REMOTE LOGINS ALLOWED."
    sleep 3
    exit
fi
#######################

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Aug 29 08:54:16 2005

This archive was generated by hypermail 2.1.8 : Mon Aug 29 2005 - 08:54:16 AKDT