topic Deny Login Script in Operating System - HP-UX

Deny Login Script

Chris Weislak — Tue, 24 Jan 2006 15:02:27 GMT

I am running an INFORMIX database on a HP-UX server. Because informix requires a user id be on the system running the database, I need to deny every user login rights for telnet or SSH except admins. I created a script and placed it in the users .profile file. but I get an error when it hits the 'exit' line. How do I hide the error or make it work correctly to just kick out the user? Also the $name does not display the name when runing it from sh. It worked in csh.

set name = `whoami`
echo ""
echo "*************************************************"
echo "*** You do not have permission to log into ***"
echo "*** this system if you feel this is an error ***"
echo "*** Please contact your Administrator ***"
echo "*************************************************"
echo ""
echo ""

sleep 2
echo $name | mailx -s "User tried to login using telnet" hta_admin
exec exit

Please help...I need all the help I can get :)
Thanks,
Chris

Re: Deny Login Script

Steven E. Protter — Tue, 24 Jan 2006 15:08:23 GMT

Shalom Chris,

You can build something into /etc/profile that checks the $LOGNAME variable and ejects users that are not allowed to log in.

SEP

Re: Deny Login Script

Chris Weislak — Tue, 24 Jan 2006 15:09:00 GMT

I just figured out the $name..I used $USER instead and got what I wanted. I still get the error though when I login that exit is not a vaild command.

Chris

Re: Deny Login Script

Pete Randall — Tue, 24 Jan 2006 15:09:05 GMT

Chris,

Perhaps the "/etc/nologin" feature of the /etc/default/security file would be of help to you. Take a look at the man page for "security".

Pete

Re: Deny Login Script

Pete Randall — Tue, 24 Jan 2006 15:10:22 GMT

On another note, what happens if you just do "exit" rather than "exec exit"?

Pete

Re: Deny Login Script

Rodney Hills — Tue, 24 Jan 2006 15:10:35 GMT

Be sure to put a "trap" statement to make sure the user can not break out the profile.

I don't think you need "exec" in front of "exit" either.

HTH

-- Rod Hills

Re: Deny Login Script

Chris Weislak — Tue, 24 Jan 2006 15:17:39 GMT

I removed the exec and that worked. I think I used it with the csh. How do you "trap" the user so they cannot get out of the script? Forgive me I am very new to the scripting side of UNIX.

Thanks,
Chris

Re: Deny Login Script

James R. Ferguson — Tue, 24 Jan 2006 15:26:23 GMT

Hi Chris:

# trap '' INT QUIT HUP

...will provide good protection.

Regards!

...JRF...

Re: Deny Login Script

Pete Randall — Tue, 24 Jan 2006 15:29:09 GMT

trap "" 1 2 3 # ignore HUP, INT, QUIT now.

Pete

Re: Deny Login Script

Chris Weislak — Tue, 24 Jan 2006 15:39:19 GMT

Those suggestions worked great. Now the script works clean and you cannot quit it during the time it is running. You all rock...

Thanks,
Chris

Re: Deny Login Script

James R. Ferguson — Tue, 24 Jan 2006 15:40:30 GMT

Hi (again) Chris:

Oh, it looks kike your using a C-shell (csh) script. In that case use this:

# onintr -

Regards!

...JRF...