topic Re: Command line in Operating System - HP-UX

Command line

Rich Sanders — Tue, 07 Oct 2003 10:39:14 GMT

How can I tell (HP-UX 11.0, running Oracle 9) wether or not a user has command line access?

Re: Command line

Stefan Farrelly — Tue, 07 Oct 2003 10:42:31 GMT

Try logging in as the user;

su -

If you get a shell prompt up then they have command line access. Even if they dont if they can run vi then they can get to command line access with a !sh the same applies from other programs. You should presume most users can get to the command line if they try hard enough.

Re: Command line

Pete Randall — Tue, 07 Oct 2003 10:43:23 GMT

Rich,

Generally, a user without command line access will have an application specified in the last field of /etc/passwd, so that when they log in they are forced into a menu or program which they can (hopefully) not break out of. Check /etc/passwd.

Pete

Re: Command line

Tomek Gryszkiewicz — Tue, 07 Oct 2003 10:44:23 GMT

You mean shell access?
Look to /etc/passwd. In the last entry of every user there is a shell. If it is a valis shell (/bin/sh, usr/bin/sh, ksh, csh, bash etc) - this user can login to the system. If there is something like "/usr/bin/false", "/nonexistent" etc - this user dont have an access.

-Tomek

Re: Command line

Robert Gamble — Tue, 07 Oct 2003 10:45:53 GMT

Rich,

Most Oracle applcations do not setup a UNIX id, just a database id.

But you could check to see if the user is in /etc/passwd and has valid shell listed.

Re: Command line

Sergejs Svitnevs — Tue, 07 Oct 2003 10:51:54 GMT

You can check tty entry in the user's profile.

Disable console:

if ['tty'=/dev/console]
then
exit 1
fi

Enable console only:

if ['tty'!=/dev/console]
then
exit 1
fi

Regards,
Sergejs

Re: Command line

Bill Hassell — Tue, 07 Oct 2003 22:27:58 GMT

The question starts with: how does a "user" gain access? Is it via telnet or remsh or ftp or some custom socket connection. The answer dictates whether a a shell prompt exists. Unix does not have a command line, just program services provided by system calls. The command line is typically a shell interface, so as mentioned, check /etc/passwd to see if the user has a shell (/usr/bin/sh /usr/bin/ksh /usr/bin/csh etc), something like this:

cut -f1,7 -d: /etc/passwd

Now it is possible that some users have a local .profile that starts a menu that restricts the user but that is a poor idea. The user should have the menu program as their shell so that there is no possibility of getting a shell prompt (command line).