
How to enable (disable) PPTP multi login (of a same account) on Linux?

I don't want to let many users log in to a PPTP server on Linux with a single username and password. Is there any solution for this?


PPTP multi login is enabled by default in Linux. To disable multi login I just added the following lines to /etc/ppp/ip-up:

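# disconnect new PPTP connection if user already connected
sleep 2
PID=$(cat "/var/run/$PPP_IFACE.pid" 2>/dev/null)
if [ -n "$PID" ]; then
    # wtmp entry for this interface that is still logged in
    PROCESS="$(last -w | grep ppp | grep still | grep -w "$PPP_IFACE" | head -n 1)"
    USERNAME=$(echo "$PROCESS" | cut -d' ' -f1)
    # count open ppp sessions whose user name is exactly $USERNAME
    NUMLOGINS="$(last -w | grep ppp | grep still | grep -c "^$USERNAME ")"
    if [ -n "$USERNAME" ] && [ "$NUMLOGINS" -gt 1 ]; then
        kill "$PID"
    fi
fi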

This part just disconnects any new connection if the user is logged in. Working fine for me on my Ubuntu 9.04.


I've never used pptpd myself, but its docs say that it just uses the underlying pppd.

pppd can be configured via pam, using /etc/pam.d/ppp.

One PAM module is pam_listfile(8) (at least available on my Ubuntu 10.04 machine), which can be configured to deny users with usernames listed in a specific file:

   Classic 'ftpusers' authentication can be implemented with this entry in /etc/pam.d/ftpd:

       #
       # deny ftp-access to users listed in the /etc/ftpusers file
       #
       auth    required       pam_listfile.so \
               onerr=succeed item=user sense=deny file=/etc/ftpusers

You may be able to amend this for your site; by appending names to a file after a successful login and removing the names on logout, you could make it very difficult to have two connections created for the same user account.

Of course, this would be pretty brittle -- a dropped connection would need to have its line removed, and router reboots might annoy hundreds or thousands of users at once. I might suggest just truncating the whole file when users complain, and hope to avoid gross abuse of your system at best. (And the program to remove usernames would need to be carefully written to avoid races; you can use lockfile(1) or dotlockfile(1) to help you.)

Perhaps some periodic auditing would be another option: you could check the wutmp files (see w(1), lastlog(8)) or process listings (ps auxw is nice) once in a while and see if people are abusing it, and handle it as a policy issue, rather than a software enforcement issue.

Hope this helps.
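
The bookkeeping described in the answer above, as an added example that is not part of the original answer. It assumes pppd is configured so that /etc/pam.d/ppp is actually consulted, uses a hypothetical list file /etc/ppp/active-users, takes the user name from pppd's PEERNAME variable, and uses an atomic mkdir lock in place of lockfile(1).

```shell
#!/bin/sh
# Added example: maintain the deny list read by a pam_listfile entry such as
#   auth required pam_listfile.so onerr=succeed item=user sense=deny \
#        file=/etc/ppp/active-users        (in /etc/pam.d/ppp)
# ACTIVE_FILE and its .lock path are assumptions, not pppd defaults.
ACTIVE_FILE="${ACTIVE_FILE:-/etc/ppp/active-users}"

# mkdir is atomic, so the directory acts as a mutex between pppd instances.
lock() {
    tries=0
    until mkdir "$ACTIVE_FILE.lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 10 ] && return 1   # give up rather than hang pppd
        sleep 1
    done
}
unlock() { rmdir "$ACTIVE_FILE.lock"; }

# Names are compared as whole fixed-string lines (-x -F), so "bob" never
# matches "bobby" and regex characters in a name have no effect.
is_active() { grep -qxF -- "$1" "$ACTIVE_FILE" 2>/dev/null; }

# Call from ip-up as: session_add "$PEERNAME"
# Returns 0 if recorded, 2 if the name was already listed, 1 on error.
session_add() {
    [ -n "$1" ] || return 1
    lock || return 1
    if is_active "$1"; then
        rc=2
    else
        printf '%s\n' "$1" >>"$ACTIVE_FILE"
        rc=0
    fi
    unlock
    return "$rc"
}

# Call from ip-down as: session_remove "$PEERNAME"
# Rewrites the list without the name, then renames it into place.
session_remove() {
    [ -n "$1" ] || return 1
    lock || return 1
    tmp="$ACTIVE_FILE.tmp.$$"
    grep -vxF -- "$1" "$ACTIVE_FILE" >"$tmp" 2>/dev/null || true
    mv "$tmp" "$ACTIVE_FILE"
    unlock
}
```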


This works on CentOS 7.6 for the time being.

#!/bin/bash
MAXLOGIN=2
# useful vars
#$DEVICE $IFNAME $PPPD_PID $MYPID $PEERNAME $_
#
# count this peer's ppp sessions that are still logged in
LOGINS=$(last -w "$PEERNAME" | grep ppp | grep -c still)
if [ "$LOGINS" -gt "$MAXLOGIN" ]
then
    echo "$(date) too many logins of $LOGINS for $PEERNAME on $IFNAME pid $PPPD_PID" >>/tmp/mtg-pptp.log
    kill "$PPPD_PID"
fi

Edit MAXLOGIN to meet your demands
