
USER - NOLOGIN

 
Alejandro Schmidt
Occasional Advisor

USER - NOLOGIN

I have these system users:
nobody:*Nologin:65534:65534:anonymous NFS user:/:
nobodyV:*Nologin:60001:60001:anonymous SystemV.4 NFS user:/:
daemon:*:1:1:system background account:/:
bin:*:3:4:system librarian account:/bin:
uucp:Nologin:4:2:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
uucpa:Nologin:4:2:uucp adminstrative account:/usr/lib/uucp:
auth:*:6:11:Authentication Subsystem:/tcb/bin:
cron:*:7:14:Cron Subsystem:/usr/adm/cron:
lp:*:8:12:Line Printer Subsystem:/users/lp:
tcb:*:9:18:Trusted Computing Base:/tcb:
adm:*:10:19:Administration Subsystem:/usr/adm:
ris:Nologin:11:21:Remote Installation Services Account:/usr/adm/ris:/bin/sh
wnn:*:12:1:Wnn Japanese Input Method System Account:/tmp:/bin/sh
pop:*:13:6:POP Mail Service Account:/:
imap:*:14:6:IMAP Mail Service Account:/:
ftp:*:200:15::/raid/ftp:/bin/sh

Some of them say "NOLOGIN" and some of them don't.
Can I change those that do not say NOLOGIN to NOLOGIN? If I do it, may that break something?
I do not want those users to be able to log in...
What are my options??

Thank you!!!
6 REPLIES
Venkatesh BL
Honored Contributor

Re: USER - NOLOGIN

If you change to 'Nologin', the user will not be able to log in to the system.
Pieter 't Hart
Honored Contributor

Re: USER - NOLOGIN

In the passwd file, an encrypted version of the user password is stored in the same position as the "nologin".
When you specify "*", no password is set and the user is asked to change the password at first logon.
When you set it to "nologin", it doesn't match any password the user knows.

It's the same result as changing the user password without telling him (user unable to log in).
But using "nologin" is a reminder that this user is not supposed to log in, until you (re)set his password.
Alejandro Schmidt
Occasional Advisor

Re: USER - NOLOGIN

But if I set it to "NOLOGIN", will that break any system operation, since they are OS users?

Thank you
Pieter 't Hart
Honored Contributor

Re: USER - NOLOGIN

Yes, because they are system accounts you'd better not do that.
You'll surely break something :-(

The accounts should not be allowed interactive login because no shell (last parameter) is specified for those accounts.

Pieter
Alejandro Schmidt
Occasional Advisor

Re: USER - NOLOGIN

Hello,

Thanks for the hint. I hadn't noticed that... Good point!!
What about those two accounts that do have a shell (apparently)?

wnn:*:12:1:Wnn Japanese Input Method System Account:/tmp:/bin/sh
ftp:*:200:15::/raid/ftp:/bin/sh

Can I do something like this?
http://www.faqs.org/docs/securing/chap29sec295.html

Thank you. Appreciate your help
Pieter 't Hart
Honored Contributor

Re: USER - NOLOGIN

If you don't use the Japanese Input Method system, you might even delete this account.
The "ftp" account is not a standard Tru64 system account.
Possibly it was created by a previous administrator?
The procedure in the link you refer to looks reasonable enough to try.
You won't "break the system", but only affect those users that use this "ftp" account.
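
An added example, not part of the thread and not any poster's code: a small audit of the two fields the discussion turns on, the password field and the shell field, run over a subset of the entries from the first post. The hash formats recognised and the `NON_INTERACTIVE` set are assumptions of this sketch.

```python
import re

# Entries copied from the listing in the first post (subset).
SAMPLE = """\
nobody:*Nologin:65534:65534:anonymous NFS user:/:
daemon:*:1:1:system background account:/:
uucp:Nologin:4:2:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
ris:Nologin:11:21:Remote Installation Services Account:/usr/adm/ris:/bin/sh
wnn:*:12:1:Wnn Japanese Input Method System Account:/tmp:/bin/sh
ftp:*:200:15::/raid/ftp:/bin/sh
"""

# Assumption: hashes are traditional 13-character crypt(3) strings or
# "$id$..." strings; any other non-empty value can never match a password.
CRYPT13 = re.compile(r"^[./0-9A-Za-z]{13}$")
# Assumption: programs this audit treats as "not an interactive shell".
NON_INTERACTIVE = {"/bin/false", "/sbin/nologin", "/usr/lib/uucp/uucico"}


def password_state(field):
    if field == "":
        return "empty"          # no password required at all
    if CRYPT13.match(field) or field.startswith("$"):
        return "hash"
    return "placeholder"        # e.g. "*", "Nologin", "*Nologin"


def audit(passwd_text):
    """Return one dict per well-formed passwd line (7 colon-separated fields)."""
    rows = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) != 7 or not parts[2].isdigit():
            continue            # skip comments and malformed lines
        name, pw, uid, _gid, _gecos, _home, shell = parts
        rows.append({"name": name, "uid": int(uid),
                     "password": password_state(pw),
                     "shell": shell or "(empty)"})
    return rows


def has_login_shell(row):
    # Empty shell fields are reported but not flagged here. Many UNIX systems
    # treat an empty field as /bin/sh, so confirm in passwd(4) on the target.
    return row["shell"] not in NON_INTERACTIVE and row["shell"] != "(empty)"


if __name__ == "__main__":
    for r in audit(SAMPLE):
        flag = "REVIEW" if has_login_shell(r) else "ok"
        print(f'{r["name"]:8} pw={r["password"]:11} shell={r["shell"]:22} {flag}')
```

On the sample it flags `ris` as well as `wnn` and `ftp`, since all three carry `/bin/sh` in the last field.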