https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420766#M204129 Oooooooooooooooops I clicked twice when I found error in posting reply and it came twice. i am sorry Thu, 11 Nov 2004 22:42:22 GMT Ranjith_5 2004-11-11T22:42:22Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420758#M204121 Team:<BR /><BR />What is the best way to prevent the users from logging while i want the root to login. I can't go to single user mode.<BR /><BR />Thanks<BR /><BR />Brian Thu, 11 Nov 2004 20:19:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420758#M204121 brian_31 2004-11-11T20:19:55Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420759#M204122 Hi Brian,<BR /><BR />Quite a few ways... The one I would prefer is to through inetd.sec file.<BR /><BR />#cp /etc/inetd.sec /etc/inetd.sec.good<BR />#vi /etc/inetd.sec<BR /><BR />Add lines like<BR /><BR />telnet allow ip_of_your_workstation<BR />ftp allow ip_of_your_workstation<BR />login allow ip_of_your_workstation<BR />exec allow ip_of_your_workstation<BR />shell allow ip_of_your_workstation<BR /><BR />Run 'inetd -c'.<BR /><BR />If you are running sshd, stop the daemon. Stop dtlogin process (/sbin/init.d/dtlogin stop).<BR /><BR />Once you are done with your work, move the old inetd.sec back and run 'inetd -c' again to get it going. Start dtlogin and sshd processes.<BR /><BR />-Sri <BR /><BR /> Thu, 11 Nov 2004 20:34:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420759#M204122 Sridhar Bhaskarla 2004-11-11T20:34:40Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420760#M204123 Another way is to use NOLOGIN feature in /etc/default/security file. See security(4) for more information.<BR /><BR />o Add NOLOGIN=1 to /etc/default/security file.<BR />o Create /etc/nologin with the message you'd like your users to see.<BR />o Stop dtlogin.<BR /><BR />ssh should also check for existance of /etc/nologin file so there is no need to stop sshd. Thu, 11 Nov 2004 20:52:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420760#M204123 Ermin Borovac 2004-11-11T20:52:51Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420761#M204124 Team:<BR /><BR />/etc/default/security file can be used in trudted systems only right. Ours is not trusted. is there any other way?<BR /><BR />Thanks<BR /><BR />Brian Thu, 11 Nov 2004 21:45:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420761#M204124 brian_31 2004-11-11T21:45:25Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420762#M204125 As far as I know you don't need trusted system to use /etc/default/security. Although some of its parameters cannot be used on untrusted system (e.g. PASSWORD_HISTORY_DEPTH). Thu, 11 Nov 2004 21:56:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420762#M204125 Ermin Borovac 2004-11-11T21:56:03Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420763#M204126 you are right. i tried and it works. i also tried the inetd.sec file (there was no such file and i had to create one but still i am able to login after making the entries and running inetd -c). aslo is there any other way?<BR /><BR />Thanks<BR /><BR />Brian Thu, 11 Nov 2004 22:02:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420763#M204126 brian_31 2004-11-11T22:02:21Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420764#M204127 Simple Method:<BR /><BR />Hi Brian,<BR /><BR />Easiest and Safest way is :<BR /><BR />#&gt;/etc/nologin OR<BR />#touch /etc/nologin<BR /><BR />After this kill all the users currently logged in to the system.They wont be able to login further.<BR /><BR /><BR />See <A href="http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=147806" target="_blank">http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=147806</A><BR />Regards,<BR />Syam Thu, 11 Nov 2004 22:39:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420764#M204127 Ranjith_5 2004-11-11T22:39:59Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420765#M204128 <BR /><BR />Hi Brian,<BR /><BR />Easiest and Safest way is :<BR /><BR />#&gt;/etc/nologin OR<BR />#touch /etc/nologin<BR /><BR />After this kill all the users currently logged in to the system.They wont be able to login further.<BR /><BR />Regards,<BR />Syam Thu, 11 Nov 2004 22:40:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420765#M204128 Ranjith_5 2004-11-11T22:40:48Z https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420766#M204129 Oooooooooooooooops I clicked twice when I found error in posting reply and it came twice. i am sorry Thu, 11 Nov 2004 22:42:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/prevent-users-from-logging/m-p/3420766#M204129 Ranjith_5 2004-11-11T22:42:22Z