https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497649#M758784 Seem to forget a line which goes above the others ;)<BR /><BR />rechtstreeks=`/usr/bin/logname`<BR /><BR />(p.s. rechtstreeks is a Dutch word voor "straight" so you can make-up your own variable here) Fri, 23 Feb 2001 11:15:33 GMT Ralf Bosz_2 2001-02-23T11:15:33Z https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497647#M758782 I know about /etc/securetty restricting root's login ttys/console, however is there a similar file for each user? I have some common application logins which are quite powerful (database, application etc). I would like to force users to login as themselves then su to the appliaction login i.e.<BR />login: joe_blog<BR />Password: ********<BR />% su - informix<BR />....<BR />This should allow me to find out what users(people, not apps) did what!<BR />Cheers Fri, 23 Feb 2001 10:43:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497647#M758782 Tim D Fulford 2001-02-23T10:43:16Z https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497648#M758783 But this at the end of the user .profile (or in the /etc/profile):<BR /><BR />if [ $rechtstreeks = user ];then<BR /> echo "Access Denied, use su - user"<BR /> exec sleep 5<BR /> exit<BR />fi<BR /><BR />Oh and just a reminder, user search next time, I got this from a search (I thought of something likewise but didn't use logname) Fri, 23 Feb 2001 11:12:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497648#M758783 Ralf Bosz_2 2001-02-23T11:12:57Z https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497649#M758784 Seem to forget a line which goes above the others ;)<BR /><BR />rechtstreeks=`/usr/bin/logname`<BR /><BR />(p.s. rechtstreeks is a Dutch word voor "straight" so you can make-up your own variable here) Fri, 23 Feb 2001 11:15:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497649#M758784 Ralf Bosz_2 2001-02-23T11:15:33Z https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497650#M758785 Is this the only method of resticting login? I'm used to AIX, where you can set login=no and rlogin=no, surely there must be a better equivalent than putting something in the .profile?<BR /><BR />Thanks <BR /><BR />Jon. ( I have the same requirement as the original poster) Mon, 26 Feb 2001 05:01:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497650#M758785 Jon Gittoes 2001-02-26T05:01:51Z https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497651#M758786 The way we have done this is to use sudo and to set the password of the appropriate account as an invalid password (like a *). We then set up a script (or alias) for the users so that when they type oracle, it does a 'sudo su - oracle' and then asks for their password. Also via sudo you can control who does and does not have access to the script.<BR /><BR />Doing this also makes sure that no one logs in directly as the application id, but forces you to do an su. Mon, 26 Feb 2001 05:11:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497651#M758786 Patrick Wallek 2001-02-26T05:11:42Z https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497652#M758787 Many Thanks for the replies<BR /><BR />It took me a while to clear this one up! sorry, I'm using Ralf's method. It is not what we want exactly but it has similar functionality.<BR /><BR />Sudo is a definite contender for the future, but one step at a time<BR /><BR />Again many thanks all<BR /><BR />Tim F Mon, 18 Jun 2001 15:32:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/security/m-p/2497652#M758787 Tim D Fulford 2001-06-18T15:32:53Z