topic Re: What's the file? Simple question.... in Operating System - HP-UX

What's the file? Simple question....

ACS_2 — Thu, 15 Feb 2001 22:21:47 GMT

What is file file you stick in /etc to restrict users from loging in?

Re: What's the file? Simple question....

Jason VanDerMark — Thu, 15 Feb 2001 22:37:59 GMT

Can you be a little more specific. There are lots of files in /etc which can keep users from logging in (eg. passwd). If you can be a more precise or give us an example of the situation it would help greatly.

Thanks,
Jason V.

Re: What's the file? Simple question....

Rick Garland — Thu, 15 Feb 2001 22:39:49 GMT

Not aware of a file to put into /etc to restrict logins but you could modify the /etc/profile to for a file and if it exists, do not allow logins. Most of what I have seen, if a file called 'nologins' exists, typically in /etc, the the profile will see it and not allow logins. Again, this works in conjunction with the /etc/profile as just having the nologins file will not work, the profile has to be looking for it.

Re: What's the file? Simple question....

ACS_2 — Thu, 15 Feb 2001 23:03:56 GMT

I thought you could just create this file in /etc, and as long as it exsists, only root can login to the server. Actually I'm not sure it works that way on HP, but it does work on AIX.

I guess what I want to know is, how can I temporarily keep users from loging on to the box?

Re: What's the file? Simple question....

Patrick Wallek — Thu, 15 Feb 2001 23:39:13 GMT

I believe creating the /etc/nologin works on Solaris too but, as Rick said, it only works on HP if you modify the /etc/profile so it will look for the file.

If you are working from the console only, or have the web console, you could always stop inetd. That would prevent anyone from logging in. It would also prevent you from using any other network services as well though.

Re: What's the file? Simple question....

Patrick Wallek — Thu, 15 Feb 2001 23:40:40 GMT

Another option would be to just move the /etc/passwd file to something like passwd.with.all.users and then create a new passwd file with only the users you want to access the system.

Re: What's the file? Simple question....

Steven Sim Kok Leong — Fri, 16 Feb 2001 07:34:17 GMT

Hi,

Are you referring to /etc/securetty?

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com

Re: What's the file? Simple question....

Paul T. Green — Wed, 07 Mar 2001 16:42:15 GMT

I am under the impression that /etc/secure.tty is a file that keeps users from loging into the server from their workstations as root. This way only through the console can a person login as root. To my knowledge there is *no way* to keep users out of the system other than to shut down appplications and or sigle user mode...

Re: What's the file? Simple question....

Jerry L. Anderson — Tue, 13 Mar 2001 18:18:32 GMT

As a system admin we used /etc/nologin to keep users out of systems during maintenance and it worked fine. The following snippet of code is from /etc/profile

if [ -f /etc/nologin -a $uid -ne 0 ]; then
echo "Sorry, no login allowed, try later!"
sleep 5
exit 0
fi

As you can see, root can log in but users can't

Re: What's the file? Simple question....

Joanne Keegan — Tue, 13 Mar 2001 20:57:35 GMT

We use /etc/profile to limit user access, and this works well. If we have backups running and do not want users (except root) to login we create a BackUps file containing a message. When it is okay for users to be in we rename BackUps to NoBackUps. Here's what we have in /etc/profile:

# Check for backups in progress
if [ -x /etc/BackUps ]
then
if [ `whoami` != "root" ]
then
/etc/BackUps
exit
fi
fi

Re: What's the file? Simple question....

Wodisch — Tue, 13 Mar 2001 21:37:14 GMT

Hello ACS,
if you are going for the "/etc/nologin" approach, be
careful to insert that "if [ -f /etc/nologin ]" snippet in
all places used for logins, as there are:
- serial/console: /etc/profile, /etc/cshrc
- telnet/rlogin: /etc/profile, /etc/cshrc
- X-Windows: /etc/dt/config/Xstartup

HTH,
Wodisch