- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - HP-UX
- >
- System Administration
- >
- User Login
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
User Login
SOLVED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-24-2009 04:57 AM
04-24-2009 04:57 AM
Following is my requirement.
I have a unix user which controls the applicaiton. No one should login to the server using this account using ssh or telnet or any other application.
They shud login using their individual account and then they should be able to do su - apps_account.
Is it possible, if so, please explain.
Cheers,
Ravi
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-24-2009 05:03 AM
04-24-2009 05:03 AM
Re: User Login
Re: User Login
Just lock the password of the user.
# passwd -l user
Regards,
Robert-Jan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-24-2009 05:13 AM
04-24-2009 05:13 AM
Re: User Login
Re: User Login
Your password was changed by root
Password:
Account is disabled - see Account Administrator
su: Sorry
Doesn't meet my requirement.
Ravi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-24-2009 05:21 AM
04-24-2009 05:21 AM
Re: User Login
Re: User Login
Keep the shell column of the user as /bin/false in /etc/passwd - this will meet ur requirement.
Vinod
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 02:45 AM
04-27-2009 02:45 AM
Re: User Login
Re: User Login
If i keep the shell /bin/false, it will not allow me to login over ssh or even su - test.
Ravi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 03:27 AM
04-27-2009 03:27 AM
Re: User Login
Re: User Login
I changed the passwd field in the (my case) /etc/shadow file to LOCKED for a test user. Now you can use su - user to switch user, but you can not login directly with this user account.
gorj:LOCKED:14361::::::
Regards,
Robert-Jan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 05:38 AM
04-27-2009 05:38 AM
Re: User Login
Re: User Login
There are 2 challeges here. When we change it to LOCKED, it actually changes the password field and whenever user types the password, it doesn't match the encrypted pasword, becoz, we have removed the encrypted password and put a new word LOCKED.
So they user will never login to the server over telnet or ssh. instead of chnaging the encrypted portion, I can just change the password of the apps users and keep it with me ;)
As you said, I can do su - test, but I can do it as root. I cannot switch to the user as a normal user. Again the password will not work.
Cheers,
Ravi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 05:47 AM
04-27-2009 05:47 AM
Re: User Login
Re: User Login
User_Alias PROD = user1, user2, user3
PROD ALL = NOPASSWD: /usr/bin/su [-] apps_acct
The user would login with their account and then run: sudo su - apps_acct
If configured properly, the users won't be prompted for the apps_acct password.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 06:27 AM
04-27-2009 06:27 AM
Re: User Login
Re: User Login
Using sudo is the last thing in my mind. Is there any way to accomplish my requirement.
Ravi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 06:38 AM
04-27-2009 06:38 AM
Re: User Login
Re: User Login
ok, locking the account means you can't "su -" as a normal user, as the password has to work.
changing shell to "false" won't work as you need a shell.
however, sudo will let "normal" users "su -" to the locked account using *their* password, because they'd be running the "su" as root.
Maybe sudo need to move up on your list?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-27-2009 08:00 AM
04-27-2009 08:00 AM
Solution- in the apps_account users .profile, create a script check to see if the account was logged into directly or by su (who am i). The script would exit if logged into directly. I've done something like this in Solaris.
- Another method would be to deny the user access to each application. See the 'DenyUsers' directive for ssh and ftpusers for ftp. I'm sure most apps can be configured to deny a specific user.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
04-29-2009 08:18 AM
04-29-2009 08:18 AM
Re: User Login
Re: User Login
Thank You.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP