- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- How to lock account such that you can only su into...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 07:59 AM
тАО11-02-2005 07:59 AM
The account already exists and now that everything is set, we want to lock it down.
This is hp ux 11i ver1, please provide steps.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 08:19 AM
тАО11-02-2005 08:19 AM
Re: How to lock account such that you can only su into it
If this is a trusted system then the account will get locked by someone providing a wrong passwd(based on the settings in the policies)
you can use sam or getprpw command to set
Rgds
HGN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 08:21 AM
тАО11-02-2005 08:21 AM
Re: How to lock account such that you can only su into it
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 08:49 AM
тАО11-02-2005 08:49 AM
Solution"Except for user root, users on a trusted system cannot use su to change to an account that has been locked because of expired passwords or other access restrictions."
So, theoretically, you could lock the account and set up the sudoers file to allow certain users to do "sudo su -
There's no direct way to do what you want for regular user accounts that I'm aware of.
Jeff Traigle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 08:53 AM
тАО11-02-2005 08:53 AM
Re: How to lock account such that you can only su into it
Jeff Traigle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 08:55 AM
тАО11-02-2005 08:55 AM
Re: How to lock account such that you can only su into it
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 09:26 AM
тАО11-02-2005 09:26 AM
Re: How to lock account such that you can only su into it
Or, setup the account so that it is locked, then 'sudo su -
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 09:39 AM
тАО11-02-2005 09:39 AM
Re: How to lock account such that you can only su into it
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-02-2005 09:42 AM
тАО11-02-2005 09:42 AM
Re: How to lock account such that you can only su into it
There is no method to do this on HP-UX.
You can setup your own check so that prior to login all users are checked to ensure that they are allowed to directly login.
Add some code similar to the following in your /etc/profile file.
# Prevent direct logins to privileged accounts
USER=$(who am i | awk '{ print $1 }')
grep -q "^${USER}" /etc/su_only.txt
if [ $? = 0 ]
then
echo "No direct Login Allowed. Login with your own username and then su to $USER"
sleep 5
exit
fi
Add all logins to /etc/su_only.txt that you want to allow su only access as follows:
Cheers
Con
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-03-2005 12:50 AM
тАО11-03-2005 12:50 AM
Re: How to lock account such that you can only su into it
ssh lockeduser@host sh
this will run a shell as the user on the other system, but won't run the /etc/profile.
It's even worse if the user has scripts in their home directory and automounting of /home is on. The user can run scripts in their home remotely on the system with no way of stopping them.
I've seen your method used to block users from getting into the compute nodes on a cluster, they were supposed to run everything from the job management node, but liked to jump around it and steal cpu time from other users.