https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993208#M296038 Hi all;<BR />I need to tweak one of the init levels so that only I and a couple of other users are able to log into the system. So essentially, I want to initiate an init command (init 2) which would restrict logins to specified few.<BR /><BR /><BR />Can that be done? How would I go about it?<BR /> Thu, 03 May 2007 08:27:38 GMT Lana Cameli 2007-05-03T08:27:38Z https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993208#M296038 Hi all;<BR />I need to tweak one of the init levels so that only I and a couple of other users are able to log into the system. So essentially, I want to initiate an init command (init 2) which would restrict logins to specified few.<BR /><BR /><BR />Can that be done? How would I go about it?<BR /> Thu, 03 May 2007 08:27:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993208#M296038 Lana Cameli 2007-05-03T08:27:38Z https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993209#M296039 Rather than messing with init, there is a option available in the 11.X security feature: /etc/security. Check the man page for security and look for the nologin feature. Basically, if you create a file called /etc/nologin, non-root access is restricted, as long as NOLOGIN is set to 1 in the /etc/security file (which you may have to create).<BR /><BR /><BR />Pete Thu, 03 May 2007 08:48:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993209#M296039 Pete Randall 2007-05-03T08:48:05Z https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993210#M296040 I'm still on v 10.20 :( Thu, 03 May 2007 08:51:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993210#M296040 Lana Cameli 2007-05-03T08:51:18Z https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993211#M296041 pointing out the obvious, you can create a script to do this.<BR /><BR />when you enter into the init 2 stage, script runs (with proper Sxxx and Kxxx links created) and does this <BR /><BR />check the status (locked/active) of the users you want NOT to be able to login. Store these in some file for reverting back to them.<BR /><BR />then lock these users out.<BR /><BR />do your thing at init level 2<BR /><BR />when you go to init level 3 or above, using the file you created above, go ahead and restore those accounts' status back to where they were prior to you locking them out.<BR /><BR />lock-out and restoration, may be handled differently depending on your OS security level, i.e., trusted or untrusted.<BR /><BR />hope this helps Thu, 03 May 2007 08:54:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993211#M296041 Mel Burslan 2007-05-03T08:54:03Z https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993212#M296042 Along the lines of what Mel said:<BR />another way is to place a file in a known location (like /etc/downtime)<BR /><BR />instead of locking / unlocking in passwd,<BR />modify the system's /etc/profile to look for that file. if it finds it, check user id against a list of allowed users. if they are allowed, fine, else exit<BR /><BR />at init 3, remove said file. this also lets you manually create the file to prohibit logins at higher run levels if needed<BR /><BR /> Thu, 03 May 2007 09:05:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993212#M296042 OldSchool 2007-05-03T09:05:11Z https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993213#M296043 Shalom,<BR /><BR />Modify /etc/profile<BR /><BR />Have it check the variable LOGNAME against the output from who -r and log users out based on run level.<BR /><BR />Shell scripting. <BR /><BR />I don't know why the idea to touch init came to mind but its not the way to acheive the goal.<BR /><BR />SEP Thu, 03 May 2007 09:25:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/tweaking-init/m-p/3993213#M296043 Steven E. Protter 2007-05-03T09:25:15Z