HPE Community
Operating System - HP-UX
1753650 Members
5984 Online
108798 Solutions
New Discussion юеВ

Re: How to remove login capability ?

 
SOLVED
Go to solution
Nick Wickens
Respected Contributor

тАО09-26-2005 08:57 AM

тАО09-26-2005 08:57 AM

Re: How to remove login capability ?

Then sudo may be of some use as you can allow them to run a new shell as if they were the generic user without the need to know the generic users password.

I have done something similar in the past for a generic informix user as you can wrap scripts around the routine to report on which user is using the id and sudo will maintain its own logs.

Do you have sudo installed - Its available from here if you don't have it.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p9/
Hats ? We don't need no stinkin' hats !!
Reply
Speedware
Frequent Advisor

тАО09-26-2005 09:00 AM

тАО09-26-2005 09:00 AM

Re: How to remove login capability ?

I will take a look at it.

Thanks.
0 Kudos
Reply
Arunvijai_4
Honored Contributor

тАО09-26-2005 03:47 PM

тАО09-26-2005 03:47 PM

Re: How to remove login capability ?

Sudo is part of HP Internet Express as well, It is compiled with more options, You can download from

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Jeff Lightner_1
Frequent Advisor

тАО09-27-2005 12:22 AM

тАО09-27-2005 12:22 AM

Re: How to remove login capability ?

Just change the shell portion of the /etc/passwd entry to /bin/false. That will prevent su and any other login from being succesful. This is because on invocation it will execute /bin/false.

Also due to this it will never read /etc/profile, /etc/login, .profile or .login. Solutions saying to update those risk people being able to break out if they hit ctrl-C quickly enough.
0 Kudos
Reply
Ratzie
Super Advisor

тАО09-27-2005 02:50 AM

тАО09-27-2005 02:50 AM

Re: How to remove login capability ?

Just a thought, but if you change to ssh login only, you can specify in the sshd_config file
DenyUsers user1 user2 whoever
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.