https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727487#M254101 Hi,<BR /><BR />I am creating a script that will be used by help desk person to change password. I want that they can only type p for password change. if they type something else it will echo it and will be in the loop so the user donnot need to login again. Wed, 08 Feb 2006 21:01:23 GMT Khashru 2006-02-08T21:01:23Z https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727487#M254101 Hi,<BR /><BR />I am creating a script that will be used by help desk person to change password. I want that they can only type p for password change. if they type something else it will echo it and will be in the loop so the user donnot need to login again. Wed, 08 Feb 2006 21:01:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727487#M254101 Khashru 2006-02-08T21:01:23Z https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727488#M254102 You can use something like this:<BR /><BR />getoption() {<BR />echo "Enter p to change a user's password or press q to finish"<BR />read OPTION<BR />}<BR /><BR />getoption<BR /><BR />while [ $OPTION != "q" ]; do<BR />case $OPTION in<BR />p)<BR /> echo "Enter user name"<BR /> read USER<BR /> passwd $USER<BR /> ;;<BR />*)<BR /> echo $OPTION<BR /> ;;<BR />esac<BR />getoption<BR />done<BR /> Wed, 08 Feb 2006 22:17:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727488#M254102 Ivan Ferreira 2006-02-08T22:17:37Z https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727489#M254103 Yes thats ok but i donot want the user to get the shell. ie i donot want him to exit from the program. he can only use p for password change. If he press something else it will again ask him for passwd change for other person. Wed, 08 Feb 2006 22:24:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727489#M254103 Khashru 2006-02-08T22:24:35Z https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727490#M254104 Edit the user's profile, add the path to the this script in the profile, if the file is called for example /usr/local/sbin/changepwd.sh, add to the user's profile:<BR /><BR /># Avoid cancel of the script<BR />stty dsusp undef eof undef eol undef eol2 undef discard undef \<BR />status undef intr undef kill undef lnext undef quit undef reprint undef \<BR />start undef stop undef susp undef werase undef<BR /># Start the script<BR />/usr/local/sbin/changepwd.sh<BR /># Do not allow access to the shell<BR />exit<BR /><BR />So, the user won't have access to the shell. When the users logon, the script will start, when he press "q", the exit command will be run and will logout from the system. Thu, 09 Feb 2006 00:06:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727490#M254104 Ivan Ferreira 2006-02-09T00:06:28Z https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727491#M254105 I will try that tomorrow. Thu, 09 Feb 2006 01:22:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727491#M254105 Khashru 2006-02-09T01:22:15Z https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727492#M254106 However, If we add the script with /etc/profile or $HOME/.profile the user is still allowed to use the signal's as ctrl+c or ctrl+d. Which can not be trapped. Better use the script execution as,<BR /><BR />nohup passwdscript<BR /><BR />which will trap those signal's too.<BR /><BR />--<BR />Muthu Thu, 09 Feb 2006 01:36:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/script-access-control/m-p/3727492#M254106 Muthukumar_5 2006-02-09T01:36:48Z