HPE Community
Operating System - HP-UX
1753914 Members
9189 Online
108810 Solutions
New Discussion юеВ

Stop user login

 
SOLVED
Go to solution
John Mak
Occasional Advisor

тАО06-25-2007 04:21 PM

тАО06-25-2007 04:21 PM

Stop user login

Hi Admins,

I want to lock out all but three users (root, admin1 and admin2) from a system during a maintenance window.

I have considered using the NOLOGIN=1 in /etc/default/security and /etc/nologin . Since I cannot allow admin1 and admin2 to login when this has been set I have ruled it out.

My current plan was to use following script in /etc/profile

user=`whoami`
if [ $user != root ] -o [ $user != admin1 ] -o [ $user != admin2 ]
then
echo "System is currently undergoing maintenance"
exit
fi

However the test is not behaving as I thought it would. Can somebody please help me with my code or suggest an alternative solution?

Thanks
0 Kudos
6 REPLIES 6
Steven Schweda
Honored Contributor

тАО06-25-2007 05:32 PM

тАО06-25-2007 05:32 PM

Re: Stop user login

As usual, it might help to know what
happened. ("[N]ot behaving as I thought it
would" is not as informative as you might
think.) I'll assume that it prints out the
message for the low-class users, and then
continues as if nothing were special. I'd
guess that that's because "exit" in a script
like this is what happens normally. Perhaps
"logout", or "kill -HUP 0", or something
comparably vicious (depending on the shell)
would do something new and different.
0 Kudos
John Mak
Occasional Advisor

тАО06-25-2007 05:54 PM

тАО06-25-2007 05:54 PM

Re: Stop user login

Hi,

Exit is working as expected. It├в s the test for the if statement that├в s not working.

It only checks the first condition[ $user != root ] and does not consider the second or third test.

From my interpretation it should read

If $user not equal to root OR $user not equal to admin1 OR $user not equal to admin2
# at this point it only checks the first test
then
echo "System is currently undergoing maintenance"
exit
fi
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО06-25-2007 06:37 PM

тАО06-25-2007 06:37 PM

Solution

Re: Stop user login

Your condition is wrong. You will allow NOBODY to login!

The correct logic is:
if [ $user != root ] -a [ $user != admin1 ] -a [ $user != admin2 ]; then

Or better yet if you have problems with boolean arithmetic: ;-)
if [ $user = root ] -o [ $user = admin1 ] -o [ $user != admin2 ]; then
: # allow VIPs
else
echo "System is currently undergoing maintenance"
exit
fi
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО06-25-2007 06:40 PM

тАО06-25-2007 06:40 PM

Re: Stop user login

Oops, that's:
Your condition is wrong. You will allow NOBODY to login!

The correct logic is:
if [ $user != root -a $user != admin1 -a $user != admin2 ]; then

Or better yet if you have problems with boolean arithmetic: ;-)
if [ $user = root -o $user = admin1 -o $user != admin2 ]; then
: # allow VIPs
else
echo "System is currently undergoing maintenance"
exit
fi
0 Kudos
John Mak
Occasional Advisor

тАО06-26-2007 11:48 AM

тАО06-26-2007 11:48 AM

Re: Stop user login

You guys rock!

If anyone is interested this is the final product

user=`whoami`
if [ $user != root -a $user != admin1 -a $user != admin2 ]
then
echo "System is currently undergoing maintenance"
exit
fi

Thanks for the help.
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО06-26-2007 12:53 PM

тАО06-26-2007 12:53 PM

Re: Stop user login

Double oops:
Or better yet if you have problems with boolean arithmetic: ;-)
if [ $user = root -o $user = admin1 -o $user = admin2 ]; then
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.