1. Overview

Limiting the number of login sessions per user is a crucial practice for efficiently managing system resources. Additionally, from a security perspective, limiting the login sessions for a user can prevent unauthorized access and reduce the risk of cyber attacks.

In this tutorial, we’ll explore two methods to limit the number of login sessions per user in Linux.

2. Using PAM

PAM (Pluggable Authentication Modules) is a Linux framework responsible for managing user access and authenticating users. Additionally, it can be utilized for password management, auditing, and session control.

To limit the login sessions, we open the limits.conf configuration file, which is part of PAM. Moreover, it controls user memory usage, login sessions, and CPU usage.

Let’s open the configuration file using the nano editor:

$ sudo nano /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Also note that configuration files in /etc/security/limits.d director>
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
...output truncated...

In this configuration file, we add an instruction to limit the number of login sessions for a user:

ishu hard maxlogins 4

Here, ishu is the name of the system user. By adding the hard type, we specify that this is a hard limit. The maxlogins item defines the maximum number of concurrent logins for that user. In this case, we allow the user to log in four times concurrently.

After adding the line, we must save the changes and exit from the nano editor.

The next step is configuring PAM to reflect the changes we made in the configuration file. To do that, we need to open a PAM configuration file: common-session. It defines the session management policies. Let’s open the file:

$ sudo nano /etc/pam.d/common-session
# /etc/pam.d/common-session - session-related modules common to all se>
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be perform>
# at the start and end of interactive sessions.
# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
...output truncated...

In this file, we add an instruction that ensures that the login limit we set is enforced:

session required pam_limits.so

Now, we’ve successfully implemented our custom login policy in Linux.
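A read-only way to check that both parts of the PAM setup above are in place (the maxlogins entry and the pam_limits.so session line) and to compare a user's current sessions with the limit. This is an added example, not part of the original tutorial; the function names are hypothetical, the inputs are constructed samples, and it assumes the last matching limits.conf line wins and does not read /etc/security/limits.d.

```shell
#!/bin/sh
# Added example, not from the tutorial: read-only checks for the PAM setup.

# Print the maxlogins value set for USER in a limits.conf-style FILE.
# Assumption: the last matching line wins; limits.d files are not read.
maxlogins_for() {  # usage: maxlogins_for USER FILE
    awk -v u="$1" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == u && ($2 == "hard" || $2 == "-") && $3 == "maxlogins" { v = $4 }
        END { if (v != "") print v }' "$2"
}

# Succeed if PAM_FILE has an uncommented session line naming pam_limits.so.
pam_limits_enabled() {  # usage: pam_limits_enabled PAM_FILE
    grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_limits\.so' "$1"
}

# Count USER's sessions in `who` output read from stdin.
session_count() {  # usage: who | session_count USER
    awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# Print one of: no-limit, not-enforced, ok:N/LIMIT, over:N/LIMIT.
audit_user() {  # usage: who | audit_user USER LIMITS_FILE PAM_FILE
    n=$(session_count "$1")
    limit=$(maxlogins_for "$1" "$2")
    [ -n "$limit" ] || { echo "no-limit"; return 0; }
    pam_limits_enabled "$3" || { echo "not-enforced"; return 0; }
    if [ "$n" -gt "$limit" ]; then echo "over:$n/$limit"; else echo "ok:$n/$limit"; fi
}

# Constructed sample inputs, so nothing under /etc is touched.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#ishu hard maxlogins 9' 'ishu hard maxlogins 4' > "$tmp/limits.conf"
printf '%s\n' 'session [default=1] pam_permit.so' \
    '#session required pam_limits.so' > "$tmp/session.off"
printf '%s\n' 'session [default=1] pam_permit.so' \
    'session required pam_limits.so' > "$tmp/session.on"
who_sample='ishu pts/0 2024-01-01 10:00 (192.0.2.10)
ishu pts/1 2024-01-01 10:05 (192.0.2.10)
root tty1 2024-01-01 09:00'

printf '%s\n' "$who_sample" | audit_user ishu "$tmp/limits.conf" "$tmp/session.off"
printf '%s\n' "$who_sample" | audit_user ishu "$tmp/limits.conf" "$tmp/session.on"
```

On a real host, the same check is `who | audit_user ishu /etc/security/limits.conf /etc/pam.d/common-session`.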

3. Using .bash_profile File

The second approach is to add some instructions to the .bash_profile file to limit a user’s number of login sessions in Linux. When a user logs in to a system, the .bash_profile file is executed by the user's Bash login shell. It contains several crucial configuration settings, including path settings, environment variables, and login settings.

The first step is to open the file using any Linux text editor:

$ sudo nano ~/.bash_profile

Furthermore, we add some instructions to the file:

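# Maximum number of concurrent login sessions allowed for this user
MAX_SESSIONS=4
# Count the lines of who output whose first field is the current user
session_count=$(who | awk -v user="$(whoami)" '$1 == user {print $1}' | wc -l)
if [ "$session_count" -gt "$MAX_SESSIONS" ]; then
  echo "You have exceeded the maximum number of allowed sessions ($MAX_SESSIONS)."
  exit 1
fi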

Let’s discuss the instructions we inserted. First, we set a limit for the maximum number of allowed login sessions. In this case, we set it to 4.

Next, using the who command, we list the sessions of the users currently logged in to the system. With the awk command, we keep only the lines that belong to the current user, and the wc -l command counts those lines to give the total number of sessions for that user.

Finally, if the total number of sessions of the current user exceeds the maximum limit, we exit from the script, which ends the new login shell. While exiting, we display a message to inform the user that the maximum number of allowed login sessions has been reached. Because .bash_profile lives in the user's home directory, where the user can change it, and is only read by Bash login shells, this check is a convenience rather than an enforced control.

4. Conclusion

In this article, we’ve discussed two methods for limiting user login sessions in Linux.

The first approach is straightforward and doesn’t require any technical knowledge. On the other hand, the second approach requires knowledge of several commands and Linux scripting.