HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

HP/UX 11.11 Restricted access for maintenance?

 
SOLVED
Go to solution
rmueller58
Valued Contributor

HP/UX 11.11 Restricted access for maintenance?

We are migrating database from Raid storage to SAN, we want to make sure only key users have access to the system..

Is there a good way in the /etc/profile to keep all but users root, user1, user2 and informix from getting access?

12 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: HP/UX 11.11 Restricted access for maintenance?

Shalom,

passwd -l

For every user that you want to keep off the system.

cat /etc/passwd | awk '{ print $1 }' > /tmp/list

edit the list

while read -r un
do
passwd -l $un
done < /tmp/list

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Chandrahasa s
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

Hi,

You can lock other user duiring activity using command

passwd -l username

verify is it done..

/usr/lbin/getprpw username

you should see lockout=0000010

Chandra
rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

I am on a trusted system.

should i use the modprpw or passwd?

I want several accounts to remain active, but to lockout during maintenance all others, then after we get done to allow all users again.



rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

passwd -l works now I have to get a script written to lock and then unlock.

I am going to create a list per SRP's rec, to

for UU in `cat lockoutuser`
do
passwd -l $UU
done


for unlocking

Roll these two commands in place of passwd:
/usr/lbin/modprpw -l -m alock=NO $UU
/usr/lbin/modprpw -k $UU


Sound right?
James R. Ferguson
Acclaimed Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

Hi:

Instead of:

for UU in `cat lockoutuser`
do
passwd -l $UU
done

...eliminate the extra process you spawn (the 'cat') and let the shell do this:

while read UU
do
passwd -l ${UU}
done < lockoutuser

...

Regards!

...JRF...
rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

Thanks JRF.

rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

JRF or Steven,

would this work to unlock post maintenance?

while read UU
do
/usr/lbin/modprpw -l -m alock=NO $UU
/usr/lbin/modprpw -k $UU
done < lockuser.txt
Chandrahasa s
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

Hi,

you can just run

/usr/lbin/modprpw -k $userid

Chandra
rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

Chandra, so based on my lock file I would just do this correct?


while read UU
do
/usr/lbin/modprpw -k $UU
done < lockuser.txt

Chandrahasa s
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

yes

Chandra
rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

All went well, thanks for the assistance!,
rmueller58
Valued Contributor

Re: HP/UX 11.11 Restricted access for maintenance?

All went well with the migration, Thanks, JRF, Steven, and Chandra