linux 控制用戶登錄系統
1.修改lockout.users文件,對禁登錄的用戶加入,即可﹔如果寫上ALL,可以禁止除root以外的用戶登錄系統。
2.注意,需要在/etc/profile文件里加入相應的代理才可
3.系統禁止所有普通用戶登錄還可以增加一個任何用戶可讀的文本文件即可。
touch /etc/nologin
chmod 644 /etc/nologin
4.本腳本來自linux與unix shell 一書整理得來
[root@test bin]# cat deny.access
#!/bin/sh
# deny.access
# control user login system
trap "" 2 3
LOCKOUT=/mnt/lockout.users
MSG="Sorry $LOGNAME,your account has been disabled,ring the administrator"
MSG2="Sorry $LOGINAME,the system is unavailable at the moment"
check_lockout(){
if [ -r "$LOCKOUT" ];then
return 0
else
return 1
fi
}
get_users(){
while read NAMES
do
case $NAMES in
\#*);;
*)
if [ "$NAMES" = "root" ]; then
break
fi
if [ "$NAMES" = "$LOGNAME" ];then
echo $MSG
sleep 2
exit 1
else
continue
fi
;;
esac
done < $LOCKOUT
}
if check_lockout; then
if grep -v '\#' $LOCKOUT|grep 'all\>' > /dev/null 2>&1
then
if [ "$LOGNAME" != "root" ];then
echo $MSG2
sleep 2
exit 2
fi
fi
get_users
fi
[root@test bin]# cat /mnt/lockout.users
#this is local user access control file
#in this file username'll cannot login
#system
#use "all" to deny all but root user can login
haibin.xie
mary.lee
all
[root@test bin]# tail /etc/profile -n 3
. /usr/bin/deny.access
unset check_lockout
unset get_users
阅读(802) | 评论(0) | 转发(0) |
