Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Operating System - Tru64 Unix
cancel
Showing results for 
Search instead for 
Did you mean: 

USER - NOLOGIN

Alejandro Schmidt
Occasional Advisor

USER - NOLOGIN

I have this System users:
nobody:*Nologin:65534:65534:anonymous NFS user:/:
nobodyV:*Nologin:60001:60001:anonymous SystemV.4 NFS user:/:
daemon:*:1:1:system background account:/:
bin:*:3:4:system librarian account:/bin:
uucp:Nologin:4:2:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
uucpa:Nologin:4:2:uucp adminstrative account:/usr/lib/uucp:
auth:*:6:11:Authentication Subsystem:/tcb/bin:
cron:*:7:14:Cron Subsystem:/usr/adm/cron:
lp:*:8:12:Line Printer Subsystem:/users/lp:
tcb:*:9:18:Trusted Computing Base:/tcb:
adm:*:10:19:Administration Subsystem:/usr/adm:
ris:Nologin:11:21:Remote Installation Services Account:/usr/adm/ris:/bin/sh
wnn:*:12:1:Wnn Japanese Input Method System Account:/tmp:/bin/sh
pop:*:13:6:POP Mail Service Account:/:
imap:*:14:6:IMAP Mail Service Account:/:
ftp:*:200:15::/raid/ftp:/bin/sh

Some of them say "NOLOGIN" and some of them don't.
Can I change those that does not say NOLOGIN to NOLOGIN? If I do it, may that break something?
I do not want those user to be able to login...
What are my options??

Thank you!!!
6 REPLIES
Venkatesh BL
Honored Contributor

Re: USER - NOLOGIN

If you change to 'Nologin', the user will not be able to login to the system.
Pieter 't Hart
Honored Contributor

Re: USER - NOLOGIN

in the passwd file on the same position as the "nologin" an encrypted version of the user password is stored.
when you specify "*", no password is set and the user is asked to change the password at first logon.
When you set it to "nologin" it doesn't match any password the user knows.

It's the same result as changing the user password without telling him (user unable to login) .
but when using the "nologin" it's a reminder this user is not supposed to login, untill you (re)set his password.
Alejandro Schmidt
Occasional Advisor

Re: USER - NOLOGIN

But if I set it to "NOLOGIN". Will that break any system operation since they are OS user?

Thank you
Pieter 't Hart
Honored Contributor

Re: USER - NOLOGIN

Yes because they are system accounts you better not do that.
You'll surely break something :-(

The accounts should not be allowed interactive login because no shell (last parameter) is specified for those accounts.

Pieter
Alejandro Schmidt
Occasional Advisor

Re: USER - NOLOGIN

Hello,

Thanks for the hint. I hadn't noticed that...Good point!!
What about those two account that do have shell (apparently)

wnn:*:12:1:Wnn Japanese Input Method System Account:/tmp:/bin/sh
ftp:*:200:15::/raid/ftp:/bin/sh

Can I do something like this?
http://www.faqs.org/docs/securing/chap29sec295.html

Thank you. Appreciate your help
Pieter 't Hart
Honored Contributor

Re: USER - NOLOGIN

if you don't use the JapaneseInputMethod-system you might even delete this account.
the "ftp" account is not a standard Tru64 system account.
possibly it is created by a previous administrator?
the procedure in the link you refer to looks reasonable enough to try.
you won't "break the system", but only affect those users that use this "ftp" account.