HPE Community
Operating System - HP-UX
1753882 Members
7226 Online
108809 Solutions
New Discussion

Re: Restricting user to login after there shift

 
Syed Furquan Alam
Advisor

‎08-15-2011 10:07 PM

‎08-15-2011 10:07 PM

Restricting user to login after there shift

Hi,

 

I have a hp-ux machine and there are 5different groups of users. Now we want to restrict one group of user from login once there shift is over. So it means only 2 group will be able to login at a particular time one is whose shift is there and other one is 24hrs group and rest 3 groups user can't login. Similarly for other groups also for other part of the day.

 

Plz let me know if we can restrict like this any how. 

 

Best regards

syed

0 Kudos
Reply
13 REPLIES 13
Johnson Punniyalingam
Honored Contributor

‎08-15-2011 11:04 PM

‎08-15-2011 11:04 PM

Re: Restricting user to login after there shift

Yes its possible.. what is your hpux  os version ..?

Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Syed Furquan Alam
Advisor

‎08-15-2011 11:21 PM

‎08-15-2011 11:21 PM

Re: Restricting user to login after there shift

Hi Johnson,

 

It is HP-UX 11.31 64bit.

0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

‎08-15-2011 11:51 PM

‎08-15-2011 11:51 PM

Re: Restricting user to login after there shift

man security or you can use smh to configure

 

Configure Per User Exceptions by entering valid user values as specified in security(4) man page. Enter <default> to remove a per user value. The per user value for the security attributes PASSWORD_MINDAYS, PASSWORD_MAXDAYS and PASSWORD_WARNDAYS cannot be removed individually.

 

Example :- 

 

/usr/sbin/userdbset -u shift1 LOGIN_TIMES=Mon

 

shift1 -> user account name

Login_time = Mon .. user can only login on Monday

Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

‎08-15-2011 11:55 PM

‎08-15-2011 11:55 PM

Re: Restricting user to login after there shift

sorry correction on Login Time filed

Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

‎08-16-2011 12:00 AM

‎08-16-2011 12:00 AM

Re: Restricting user to login after there shift

/usr/sbin/userdbset -u shift1 LOGIN_TIMES=Su

 

Shift1 -> user account , Login_Times=Su -> user can login only on sunday

Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

‎08-16-2011 12:02 AM

‎08-16-2011 12:02 AM

Re: Restricting user to login after there shift

below will be the output

 

Trying...Connected to testserver

.Escape character is '^]'.

Local flow control onTelnet TERMINAL-SPEED option ON
HP-UX test server B.11.31 U ia64 (ta)
login: shift1

Password:

Access is denied by the LOGIN_TIMES attribute in security(4).

Connection closed by foreign host.

Problems are common to all, but attitude makes the difference
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎08-16-2011 01:09 AM - edited ‎08-16-2011 01:09 AM

‎08-16-2011 01:09 AM - edited ‎08-16-2011 01:09 AM

Re: Restricting user to login after their shift

If you need to restrict logins during certain hours of the day, you could put the logic into each user's .profile.  If they are smart enough to defeat that, you would have to put it into /etc/profile.

0 Kudos
Reply
Syed Furquan Alam
Advisor

‎08-16-2011 02:37 AM

‎08-16-2011 02:37 AM

Re: Restricting user to login after their shift

Hi Dennis,

 

Thnx for your reply, but can u plz let me know the full step how to put the logics in the .profile of each user as well as on /etc/profile.

 

Plz expplain the full steps.

 

Thnx in Advance

0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎08-16-2011 05:43 AM

‎08-16-2011 05:43 AM

Re: Restricting user to login after their shift

@syed Furquan Alam wrote:

 

Thnx for your reply, but can u plz let me know the full step how to put the logics in the .profile of each user as well as on /etc/profile.

 

It would be appropriate to spell correctly; "...u plz..." isn't English, but "...you please..." would be.

 

That said, you basically want to determine the current date and or time and compare that to the period(s) you want to allow login.  If the user isn't logging in during his/her allowed period, simply exit.  For example, if you only wanted a user to login Monday through Friday and then only between 0800 and 1700, you might add this to your profile:

 

WDAY=$(date "+%w") # 0-Sunday, 6=Saturday
if [ ${WDAY} -lt 1 -o ${WDAY} -gt 5 ]; then
    echo "Weekend login not allowed"
    exit 1
fi
HOUR=$(date "+%H")
if [ ${HOUR} -lt 8 -o ${HOUR} -gt 16 ]; then
    echo "Invalid login period"
    exit 1
fi

Be advised, that if you choose to do this in '/etc/profile', then you want to make sure that it doesn't apply to the 'root' user --- an exercise left to you.

 

Regards!

 

...JRF...

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.