Restricting which logins can use a serial port

[zoonkai]

Is there a way I can restrict which users logon to specific serial ports.

i.e.

on ttys01 I only want user1 login to work
on ttys02 I want to allow only user2 or user3 login to work.

Is something like this possible without redesigning the wheel??

Donald (Zoonkai) Dixon
donnan@don-nan.com

http://www.don-nan.com

 

[dyna176]

hey zoonkai. i'm a novice at scripting, and not at my unix box to test with, but i'd say you could do something similar to:

if [ `tty` -ne "/dev/ttys01" ]; then
echo "'\n\n\nthis login is not accepted on this port!!\n\n'";;sleep 2;;exit
fi

and stick that info in the profile of user1, and so forth.
if you haven't heard from a "real" scripter and i get back to the office to ck this out(tomorrow), i'll follow up on correctness.
P.S. if these ports are for modems, you could always just set dialup passwds, maybe setting them to match logins. that would prevent any but specified login per tty. HTH

 

[dyna176]

zoonkai, i've re-read your posting, and believe i misunderstood. are you allowing "user1" to login on ports other than "ttys01"? if so, then altho i fixed the correct script for only allowing "user1" to get in on certain ports, but it is a different thing to restrict the ports to certain users... i might be able to come up with something, but not at the moment. it seems like something obvious, but i can't put my finger on it, other than maybe adding a test in the /etc/profile.... sorry. i can check back later when i have more time

 

[dyna176]

ok zoonkai, here are some measley, but tested fixes for you:
1) to restrict a "user" to a certain port, you add the following lines in said user's .profile,(i'm restricting "user1" to port ttys01 only):

if test `tty` != "/dev/ttys01";then clear;
echo "\n\n\nthis login is not allowed on this port!\n\n\n";
sleep 2;exit;fi

2) to restrict ports to certain users, you could add the following lines to the bottom of the /etc/profile(always make a copy of the file before modifying it, of course):

case `tty` in
/dev/ttys01)if test $LOGNAME != "user1";then clear;
echo "\n\n\nthis port is restricted to user \"user1\" only!";sleep 2;exit;fi;;
/dev/ttys02) if test $LOGNAME != "user2";then
if test $LOGNAME != "user3";then clear;
echo "this port is restricted to users \"user2\" and \"user3\" only!";sleep 2;exit;fi;fi;;
esac

 

[zoonkai]

I tried scenario 1. restricting a particular login to a specifice port...and I kept getting ...

the login is test...the port is tty03

-sh: test: argument expected

**********.profile*************

# @(#) profile 68.1 98/01/20
#
# Copyright (C) 1989-1998 The Santa Cruz Operation, Inc.
# All Rights Reserved.
# The information in this file is provided for the exclusive use of
# the licensees of The Santa Cruz Operation, Inc. Such users have the
# right to use, modify, and incorporate this code into other products
# for purposes authorized by the license agreement provided they include
# this notice and the associated copyright notice with any such product.
# The information in this file is provided "AS IS" without warranty.
#
# .profile -- Commands executed by a login Bourne shell
#

PATH=$PATH:$HOME/bin:. # set command search path
MAIL=/usr/spool/mail/`logname` # mailbox location
export PATH MAIL

# use default system file creation mask

eval `tset -m scoansi:${TERM:-scoansi} -m :\?${TERM:-scoansi} -r -s -Q`

if test `tty` !="/dev/tty03"; then clear;
echo "\n\n\nthis login is not accepted on this port!!\n\n\n";
sleep 2;exit;fi

/usr/bin/prwarn # issue a warning if password due to expire

*******************************

any ideas??

Donald (Zoonkai) Dixon

http://www.don-nan.com

 

[dyna176]

yes, if this is truly a cut/paste, then you'll need to insert a space before the 1st occurance of doublequotes

if test `tty` !="/dev/tty03"; then clear; (from your ex)

(and that would coincide with your error....)