access control via loginhook

[sketch]

OK, I’m officially stumped and I need someone to point me in the right direction.

I want to restrict acess to my Macs using a login hook that checks if a network user is a part of one of 2 local groups (admin and labuser), and if not automatically kick them off.

Any ideas?

[sketch]

almost there:

#!/bin/sh

###variables
username=`whoami`
groupstatus=$(nireport . /groups name users | grep -w `whoami` | grep -w admin | wc -l)
###actions
if [ $username = labuser ]; then
exit 0
elif [ $groupstatus = 1 ]; then
exit 0
else

####this is where I’m stuck. How do I best kill the logon process and return the user to the login window?

fi
exit 0

[sketch]

shhhhhh

Anyhoozle… any ideas on how to foce them out? Would it simply be

killall loginwindow

or would we be too far along by the time the loginhook runs?

[sketch]

yeah, this isn’t working

#!/bin/sh

###variables
groupstatus=$(nireport . /groups name users | grep -w $1 | grep -w admin | wc -l)
###actions
if [ $1 = labuser ]; then
  exit 0
elif [ $groupstatus = 1 ]; then
        exit 0
else

killall loginwindow

fi
exit 0

[sketch]

got it

——————-
#!/bin/sh

###variables
username=$1
groupstatus=$(nireport . /groups name users | grep -w $1 | grep -w admin | wc -l)
###actions
if [ $username = labuser ]; then
exit 0
elif [ $groupstatus = 1 ]; then
exit 0
else
/usr/bin/killall -HUP loginwindow
fi
exit 0
———

Now I would like to figure out how to get dialog boxes to pop-up so people know they’re being kicked off, instead of just being left to scratch their heads.

[Author]

Posts