From owner-freebsd-questions  Mon Apr 13 14:12:06 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA19100
          for freebsd-questions-outgoing; Mon, 13 Apr 1998 14:12:06 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mph124b.rh.psu.edu (MPH124B.rh.psu.edu [128.118.126.36])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA19092
          for <freebsd-questions@freebsd.org>; Mon, 13 Apr 1998 21:12:02 GMT
          (envelope-from gsutter@pobox.com)
From: gsutter@pobox.com
Received: from localhost (gsutter@localhost)
	by mph124b.rh.psu.edu (8.8.7/8.8.8) with SMTP id RAA19483
	for <freebsd-questions@freebsd.org>; Mon, 13 Apr 1998 17:11:54 -0400 (EDT)
	(envelope-from gsutter@pobox.com)
Date: Mon, 13 Apr 1998 17:11:52 -0400 (EDT)
X-Sender: gsutter@mph124b.rh.psu.edu
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Forced logoff
In-Reply-To: <3.0.5.32.19980413134702.00962cc0@207.213.224.25>
Message-ID: <Pine.BSF.3.96.980413170325.19093G-100000@mph124b.rh.psu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 13 Apr 1998, Dima Dorfman wrote:

>That's not really what I'm looking for.  Let's say, there is a user that is
>about to break into your system.  You _could_ use 'shutdown -k', but let's
>say that your boss is writing a very important document, and he's not
>autosaving it.  You log everyone off, and your boss kills you because he
>needs to write it all over again.
>
>I'm looking to kick one user at a time.

Well, you could just kill their shell.  That'll do a pretty good job.

You could kill all their processes with something like
ps -aux | grep username | awk '{print $2}' | xargs kill

Or you could lock them out, as should be done with any user trying to
crack root, by killing all their processes and then disabling their
ability to log in.  There are several methods of doing that; one that I
like is using "vipw" to edit the password file and inserting a *
character at the beginning of their (encrypted) password.  That way, if
it was an innocent mistake and things can be sorted out, you can just
re-edit the file, deleting the *, allowing them to use their original
password.

HTH.

GReg
-- 
Gregory S. Sutter                       "How do I read this file?"
mailto:gsutter@pobox.com                "You uudecode it."
http://www.pobox.com/~gsutter/          "I I I decode it?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message