I don't want to let many users log in to a Linux PPTP server with a single username and password. Is there any solution for this?
PPTP multi login is enabled by default in Linux. To disable multi login I just added the following lines to /etc/ppp/ip-up:

```sh
# disconnect new PPTP connection if user already connected
sleep 2
PID=$(cat "/var/run/$PPP_IFACE.pid" 2>/dev/null)
if [ -n "$PID" ]; then
    # look up the login record of this interface and take the user name from it
    PROCESS="$(last -w | grep ppp | grep still | grep -w "$PPP_IFACE" | head -n 1)"
    USERNAME=$(echo "$PROCESS" | cut -d' ' -f1)
    # count the ppp sessions still open for exactly that user name
    NUMLOGINS="$(last -w | grep ppp | grep still | grep -c "^$USERNAME ")"
    if [ -n "$USERNAME" ] && [ "$NUMLOGINS" -gt 1 ]; then
        kill "$PID"
    fi
fi
```

This part just disconnects any new connection if the user is already logged in. It is working fine for me on my Ubuntu 9.04.
I've never used pptpd myself, but its docs say that it just uses the underlying pppd.
pppd can be configured via PAM, using /etc/pam.d/ppp.
One PAM module is pam_listfile(8) (at least available on my Ubuntu 10.04 machine), which can be configured to deny users with usernames listed in a specific file:
Classic 'ftpusers' authentication can be implemented with this entry in /etc/pam.d/ftpd:

```
#
# deny ftp-access to users listed in the /etc/ftpusers file
#
auth    required       pam_listfile.so \
        onerr=succeed item=user sense=deny file=/etc/ftpusers
```

You may be able to amend this for your site; by appending names to a file after a successful login and removing the names on logout, you could make it very difficult to have two connections created for the same user account.
Of course, this would be pretty brittle -- a dropped connection would need to have its line removed, and router reboots might annoy hundreds or thousands of users at once. I might suggest just truncating the whole file when users complain, and hope to avoid gross abuse of your system at best. (And the program to remove usernames would need to be carefully written to avoid races; you can use lockfile(1) or dotlockfile(1) to help you.)
Perhaps some periodic auditing would be another option: you could check the wutmp files (see w(1), lastlog(8)) or process listings (ps auxw is nice) once in a while and see if people are abusing it, and handle it as a policy issue, rather than a software enforcement issue.
Hope this helps.
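The periodic audit suggested above can be done over the same `last -w` records the hook scripts on this page read. This is an added example, not code from any of the answers; it assumes pppd sessions appear in `last -w` with the user name in the first field and the `pppN` interface in the second, and the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit concurrent PPTP sessions from `last -w` output.
# Both functions read `last -w` text on stdin, so they also work on saved output.

# Print "user count" for every user with more than $1 active ppp sessions.
ppp_over_limit() {
    awk -v max="$1" '
        # field 1 = user name, field 2 = line name (ppp0, ppp1, ...)
        $2 ~ /^ppp[0-9]+$/ && /still logged in/ { n[$1]++ }
        END { for (u in n) if (n[u] > max) print u, n[u] }
    ' | sort
}

# Print the number of active ppp sessions for exactly the user $1.
# The whole-field comparison keeps "bob" from also counting "jimbob".
ppp_session_count() {
    awk -v user="$1" '
        $1 == user && $2 ~ /^ppp[0-9]+$/ && /still logged in/ { c++ }
        END { print c + 0 }
    '
}

# Constructed sample of `last -w` output (not taken from a real system).
SAMPLE='bob      ppp3         198.51.100.7     Mon Jan  6 10:40   still logged in
jimbob   ppp2         203.0.113.20     Mon Jan  6 10:31   still logged in
alice    ppp1         203.0.113.10     Mon Jan  6 10:12   still logged in
bob      ppp0         198.51.100.7     Mon Jan  6 09:58   still logged in
carol    ppp4         192.0.2.44       Mon Jan  6 08:00 - 09:15  (01:15)
bob      pts/0        192.0.2.9        Mon Jan  6 09:00   still logged in'

# On a live server: last -w | ppp_over_limit 1
printf '%s\n' "$SAMPLE" | ppp_over_limit 1
```

Closed sessions (carol) and non-ppp logins (bob on pts/0) are ignored, so only users holding more than the allowed number of open tunnels are reported.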
This works on CentOS 7.6 for the time being.

```bash
#!/bin/bash
MAXLOGIN=2
# useful vars
#$DEVICE $IFNAME $PPPD_PID $MYPID $PEERNAME $_
#
# count the sessions that `last` still shows as logged in for this peer
LOGINS=$(last -w "$PEERNAME" | grep ppp | grep -c still)
if [ "$LOGINS" -gt "$MAXLOGIN" ]
then
    # log the event, then terminate the pppd serving the new connection
    echo "$(date) too many logins of $LOGINS for $PEERNAME on $IFNAME pid $PPPD_PID" >>/tmp/mtg-pptp.log
    kill "$PPPD_PID"
fi
```

Edit MAXLOGIN to meet your demands.