Disconnecting logged in users and hackers

paulboy

Chief Evangelist
I'm a Unix newbie. What commands can I issue to disconnect users who are logged on my computer?

Thanks!
 

Straylight23

Registered
Hi,

First try the command "who".
Output should display all logged in users in this way:

[localhost:~] straylight% who
straylight console Jul 11 08:22
foo ttyp4 Jul 11 08:34 (localhost)

etc...

Then get the process IDs of the user to be disconnected:

ps auxw |grep foo

Look for his/her shell process and kill it ;-)

That should do the trick.

cu:Stray
 

davidbrit2

Licensed Computer Geek
A simple way to find users running a shell (simple in that it's just one command) is to type
Code:
ps -aux | awk '/tcsh && ! awk/ { print $1, $2 }'
It will display a small table showing user names followed by the process IDs of the copies of tcsh they're running. Just type 'kill pid', where pid is the listed process number, and it should dump them.

If they keep reconnecting, and you don't want them to, type
Code:
sudo chpass -s /dev/null username
as root, which will change their shell to /dev/null. They will still be able to log in, but they won't be able to do a darned thing.
 

paulboy

Chief Evangelist
I tried the ps -aux | awk '/tcsh && ! awk/ { print $1, $2 }' command and the PID comes up. But when I type kill 365 it says no such process. This PID always changes too. Any easy ways?

 

davidbrit2

Licensed Computer Geek
Oops; that command should look like this:
Code:
ps -aux | awk '/tcsh/ && ! /awk/ { print $1, $2 }'
The bugged version was just printing the process id of the awk command itself, which isn't terribly useful. Awk is cool, but sometimes those little unexplainable problems make me want to pull my hair out (and that would take quite a while with me :D ).
 

paulboy

Chief Evangelist
Doesn't seem to work. I however did get the PID using the top command to get the ssh PID and typed kill PID. It killed the terminal on my win2000 machine I was using to log onto my Mac. I typed who on my Mac but it said it was still logged in. Any ideas? I just want to boot him off. I wish I could type in disconnect user or something.
 

ladavacm

Unperson Spotter
Originally posted by paulboy
Doesn't seem to work. I however did get the PID using the top command to get the ssh PID and typed kill PID. It killed the terminal on my win2000 machine I was using to log onto my Mac. I typed who on my Mac but it said it was still logged in. Any ideas? I just want to boot him off. I wish I could type in disconnect user or something.
Heh, disconnect which instance of the user? Please, remember that every session attached to a controlling terminal is an instance of a user (e.g. if I have three terminals open, I am logged in three times). So, which one of me do you want to disconnect? All of me?

It is doable, by killing the process group, or revoking the controlling terminal; both approaches require knowledge of the pty.

BTW, who entries are not real-time; they depend on login or the terminal to update the entries. Therefore, killing the terminal will result in the utmp (i.e. who) entry not being updated, with the user apparently still logged in.
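The session-per-terminal model from the post above, as an added example that is not part of the thread: it maps a user's `who` entries to terminals, lists the processes attached to one terminal, and flags `who` entries that no longer have any process behind them. The function names, the `ps -axo pid,tty,user,comm` column layout and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_* values are constructed.

# `who` output in the format shown earlier in the thread.
SAMPLE_WHO='straylight console Jul 11 08:22
foo ttyp4 Jul 11 08:34 (localhost)
foo ttyp6 Jul 11 09:02 (localhost)'

# Assumed shape of `ps -axo pid,tty,user,comm`; nothing is left on ttyp6.
SAMPLE_PS='  PID TTY     USER       COMM
  210 console straylight -tcsh
  301 ??      root       sshd
  365 ttyp4   foo        -tcsh
  371 ttyp4   foo        vi'

# ttys_for_user USER: `who` text on stdin -> one terminal per login session.
ttys_for_user() {
    awk -v u="$1" '$1 == u { print $2 }'
}

# pids_on_tty TTY: ps text on stdin -> PIDs whose controlling terminal is TTY.
pids_on_tty() {
    awk -v t="$1" 'NR > 1 && $2 == t { print $1 }'
}

# stale_ttys WHO_TEXT PS_TEXT: terminals `who` still lists although no
# process is attached to them (utmp was never updated for that session).
stale_ttys() {
    printf '%s\n' "$1" | awk '{ print $2 }' | while read -r tty; do
        pids=$(printf '%s\n' "$2" | pids_on_tty "$tty")
        if [ -z "$pids" ]; then printf '%s\n' "$tty"; fi
    done
}

# disconnect_tty TTY: end one session by signalling everything on its
# terminal; needs root for another user's processes.
disconnect_tty() {
    pids=$(ps -axo pid,tty,user,comm | pids_on_tty "$1")
    [ -n "$pids" ] || return 1
    kill -HUP $pids                          # ask the shell and children to exit
    sleep 2
    kill -KILL $pids 2>/dev/null || true     # force whatever ignored the hangup
    return 0
}

# Demonstration on the constructed data only; no process is signalled.
printf '%s\n' "$SAMPLE_WHO" | ttys_for_user foo     # ttyp4, ttyp6
printf '%s\n' "$SAMPLE_PS" | pids_on_tty ttyp4      # 365, 371
stale_ttys "$SAMPLE_WHO" "$SAMPLE_PS"               # ttyp6
```

Against a live system, feed `who` and `ps -axo pid,tty,user,comm` into the same functions, then call `disconnect_tty` with the one terminal to be closed.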
 