Aaron wrote: > I had someone SSHed into my box the other day (my laptop) while at > work and I wanted to screw with him by booting him off. I assume you had previously given this person a valid login on your system or otherwise they would not have been able to log in. > I obviously have root on my box, but I wonder if there is any > "official" or "proper" way to make a user leave the system? You might look into 'pkill' with the -u option. pkill -HUP -u guest ; sleep 5 ; pkill -KILL -u guest > Something along the lines of a "kick" is what I'm after. I achieved > the same result by killing his topmost bash process, but not only is > that probably dangerous and unpredictable, it doesn't let me add a > mean message ;-) It is friendly to kill with SIGHUP so that processes have the opportunity to clean and not leave temporary files and other trash hanging around. Any processes which don't leave within a reasonable delay can be killed more forcefully. If you want to send a message then 'wall' and 'write' are the typical programs. > What do sysadmins do if they find a user is doing something malicious > and they want them gone? From a real world standpoint I can see the > benefits to having such a capacity, even if my intentions are less > than noble. If you want them gone then don't forget to prevent them from logging in again. And don't forget about any ~/.ssh/authorized_keys files. man nologin man deluser Other related programs are 'autolog' and 'timeoutd'. Bob
Attachment:
pgpIyroJGLbed.pgp
Description: PGP signature