Hi, I have a small issue with student logging in to several workstations, and sharing accounts. To prevent this behaviour (since it breaks there user settings and I want to know who is logged in and where, not letting them share accounts) I have tried to find a way to log out user on the former workstation when they log in to a new. Today I run a mixed setup with tjener on Squeeze and two ltsp-servers one on squeeze (going down very soon) and another on Wheezy.
My short question is, has anyone come up with a better solution for this? Or can you think of a better idea to solve this problem? My original idea was to write a script similar to down to be run when user log in; _________ #!/bin/bash # Author: [email protected] # Purpose: Log out user from ws if they log in to a second # For this script to work, root has to be enabled in chroot(?), and somehow any client has to be able to run the ssh command # on any other ws as root or as them selves (since its them being logged in..) # Extract all users entries from rwho and show the ws part host=`hostname | sed 's/\..*//'` for logins in `rwho | grep $USER | awk '{print $2}' | sed 's/:.*//'`; do # echo $logins # debug entry if [ $host != $logins ]; then echo "Användaren är redan inloggad" ssh -o StrictHostKeyChecking=no root@$logins 'pkill -KILL -u $USER' fi done ___________ Problem is, for it to work, I dont see any other way then to let every ws have the ability to log in to every other ws as root using keys Not really an option. So I came up with this instead, to be run via cron on a regular (and short) interval; (Down actually works, but problem is, it will take some time before the old log in get purged.. depending on how often it will be run. And I guess it will use up unessecary cpuresources.) ___________ #!/bin/bash # Author: [email protected] # Purpose: Log out user from ws if they log in to a second ws # For this script to work, root has to be enabled in chroot, and public key from tjener has to be in root@chroot so root@tjener can log into any ws passwordless. # Let tjener loop through rwho at intervals and kill old logins # So, we want to look for one user at a time, and see if that user has entries for more then one host # If User have entries for several hosts, kill the first one(s) (since rwho shows them sorted by time) # This will only kill the oldest log in, but if we run it in intervall, say every 2 minutes, that will not matter. IFS=$'\n' # make newlines the only separator change=user # Any value, to start with, so we can see when $change changes, without bash throwing us errors for entries in `rwho`; do login=`echo $entries | awk '{print $1}'` client=`echo $entries | awk '{print $2}' | sed 's/:.*//'` # echo; echo $login # debug entry if [ $change == $login ]; then # echo $client # debug entry if ([ $firstlogin != $client ] && [ $login != "root" ]); then echo "Loggar ut $login från $firstlogin" # Since not all keys for all ws are in tjeners known_hosts entries, I use StrictHostKeyChecking=no # Its tjener logging in to a ws, so it should be safe (I hope). # I use batchmode so login will be aborted if keys does not work. To be extra safe, I also use a timeout. ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o ConnectTimeout=5 root@$firstlogin "pkill -KILL -u $login" fi fi firstlogin=$client change=$login done ____________ Regards /George
