7

Well I know the question is weird, but i have a user "Bob" and I want only bob's account to be stuck in infinite login loop. Please note I don't want to get out of a login loop..I want this particular user to be stuck in infinite login loop.

How do I do this?

Seth
  • 58,122

4 Answers4

12

To address bodhi's comment that the user can login through other means, open the file /etc/security/limits.conf and at the bottom add the following line

username hard maxlogins 0

The user will be able to login in tty but will be kicked out immediatelly, and lightdm (or any other login manager for that matter) will do the same. For good measure I would use this together with chowning .Xauthority

Seth
  • 58,122
Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497
6

Change the shell for Bob:

sudo chsh -s /bin/false Bob
A.B.
  • 90,397
4

Open Terminal (Press Ctrl+Alt+T). Execute this command in terminal.

chown -R root:root /home/Bob/.Xauthority

This command with change ownership of .Xauthority directory of Bob user to root user thus not allowing Bob to login.

A.B.
  • 90,397
Faizan Akram Dar
  • 4,511
  • 13
    The user can still log in via other means, ssh or kerberos to name a few. Set the users shell to /bin/false , that will prevent login. – Panther Apr 13 '15 at 19:06
  • 1
    @bodhi.zazen I've addressed that – Sergiy Kolodyazhnyy Apr 13 '15 at 20:02
  • 7
    Restart your system? This isn't Windows were talking about! – Ernest Friedman-Hill Apr 13 '15 at 23:51
  • 6
    Reboot your system? This isn't Windows we're talking about! – 200_success Apr 14 '15 at 04:43
  • +4 -2 on this answer? Can please i know why downvotes, If downvote is genuine then leave comment (why?) – Faizan Akram Dar Apr 14 '15 at 07:40
  • What is wrong with the sentence "rebooting or restarting your system" . How does it make sense that it should be used for windows only.Check the second answer of this post , he has used the same sentence. http://askubuntu.com/questions/187071/how-do-i-restart-shutdown-from-a-terminal – Faizan Akram Dar Apr 14 '15 at 07:45
  • 1
    Then finally remove the prompt to restart the system. No restart is required. – A.B. Apr 14 '15 at 08:15
  • 3
    You already got the comments explaining the downvotes. One issue, the superfluous reboot, has been fixed by A.B.'s edit. (Unlike Windows users, many Linux users care about uptime. Unnecessary reboots are considered bad advice — and reboots are rarely necessary.) The second issue, that this answer only prevents X session logins, in an easily circumventable way, is a fatal flaw with this answer. The user can still log in through a text console (Ctrl-Alt-F1). Once logged in, Bob can rm .Xauthority, even though the file is owned by root. Then your entire solution is defeated. – 200_success Apr 14 '15 at 09:04
  • @200_success the user can login via other tty , are you sure about it? have you tried it? Anyways it cannot be denied that serg's answer is better, i've already upvoted for that answer and i did upvote bodhi.zazen's comments too. – Faizan Akram Dar Apr 14 '15 at 09:29
  • 1
    Not only can Bob log in using a text console, he can also login via SSH, if an SSH server is running. It's not a matter of other answers being better; this solution is totally insecure and bad advice. – 200_success Apr 14 '15 at 09:40
  • Yes, whenever my .Xauthority gets corrupt and who-knows-why becomes owned by root, I fix it by logging into tty2 and chowning it back to my group and user names. I am skeptical of rm file owned by root part of the comments and unnecessary reboots ,though. Unless the user is in the sudo group, which then makes sense. – Sergiy Kolodyazhnyy Apr 14 '15 at 11:14
  • @Serg The ability to remove a file is determined by the permissions of the directory that contains it, not by the permissions on the file being removed. – 200_success Apr 14 '15 at 17:35
  • Ah ok. So if I have a folder owned by me , another user wouldn't be able to remove a file in it , even if that user owns the file , is that right ? – Sergiy Kolodyazhnyy Apr 14 '15 at 17:40
  • 1
    @Serg A user can delete a file in an ordinary, non-sticky directory if and only if they have write access on the directory. This happens if they own the directory and it's user-writeable (if not, they may chmod u+w it, as they own it). But it also happens if they're in a group-writeable directory's group owner, the directory is other-writeable (o+w), or an ACL lets them write to it. Here's a basic example. But sticky directories observe different rules. – Eliah Kagan Apr 15 '15 at 00:27
-1

If the purpose is to prevent login of the user Bob, I suggest you can also lock the user password and expire his account using:

passwd -l bob
usermod --expiredate 1 bob

This blocks also ssh login with keys. There is more info in how to enable or disable an user question.

Fjor
  • 300