HPE Community
Operating System - HP-UX
1753449 Members
6211 Online
108794 Solutions
New Discussion юеВ

Re: Force all users off but root

 
scott rope
Occasional Contributor

тАО11-03-1999 04:51 AM

тАО11-03-1999 04:51 AM

Force all users off but root

I was wondering if there was a way to force all users off the system, except
root, without going to single user mode so I can do some testing for Y2k. I
also need to be able to keep them off for a period of time. I know I could do
it by setting the users login times but I have hundreds of users and it would
take to long. I'm looking for a system wide solution.

Thank you,

Scott
0 Kudos
Reply
2 REPLIES 2
Alan Riggs_1
Regular Advisor

тАО11-03-1999 07:47 AM

тАО11-03-1999 07:47 AM

Re: Force all users off but root

How do your users connect? If they use standard TCP access channels (telnet,
rlogin, etc) then you can simply log into the box, shut down inetd, and then
kill all user sessions. (If you are not on a console or remote console, be
very careful not to kill your own session.) You now have sole posession of the
box until you recycle inetd. If your users connect through other means you
will have to take the appropriate steps to shut them out (bring down listeners,
chmod executables, whatever).
Another means is to create a password file which contains no users other than
root and system Ids, and move that file into place during testing. The
drawback of this is that if you have any scripts or utilities that use
logname, whoami, etc to authenticate user identities, they may behave strangely
while the password file is shifted.
0 Kudos
Reply
javier juarez_1
Occasional Advisor

тАО11-16-1999 12:23 AM

тАО11-16-1999 12:23 AM

Re: Force all users off but root

Hi Scott!!
First, log off all the users, be polite warning them via wall, then kill their
process, be care don't kill yourself, if you are root, try this shell:

for i in $(who -u | grep -v root|cut -c44-50)
do
kill -9 $i
done

make a copy from /etc/profile to /etc/profile.ori and another copy from
/etc/profile /etc/profile.lock
edit /etc/profile.lock
eg.
# @(#) $Revision: 74.2 $

# Default (example of) system-wide profile file (/usr/bin/sh initialization).
# This should be kept to the bare minimum every user needs.

# Ignore HUP, INT, QUIT now.

trap "" 1 2 3
if [ "$LOGNAME" != "root" ]
then
echo "Sorry You are not root, Conecction refused "
exit
fi
.
.
.
.


copy /etc/profile.lock to /etc/profile

do your tests and when finish, copy /etc/profile.ori to /etc/profile

I do this very often and is a system wide solution



0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.