
User xyz should login from 10.xxx.xx.x server only

 
SOLVED
bullz
Super Advisor

User xyz should login from 10.xxx.xx.x server only

Guruz,

I have a requirement that user "xyz" should be able to log in only from specific IP addresses (10.xxx.xxx.1/2/3).

Does this need an entry added in /etc/hosts.allow? How to achieve this only for one user?
6 REPLIES
Johnson Punniyalingam
Honored Contributor

Re: User xyz should login from 10.xxx.xx.x server only

>>>Does this need an entry added in /etc/hosts.allow?<<<<

http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1268917971427+28353475&threadId=1341445
Problems are common to all, but attitude makes the difference
Johnson Punniyalingam
Honored Contributor
Solution

Re: User xyz should login from 10.xxx.xx.x server only

You can also write a simple script which greps for the specific IP for that particular user "xyz"; if it matches, the login is allowed, and if not, the login fails. You can achieve this by editing the .profile of "xyz" and adding the script.

# cd /home/xyz

# cp -p .profile .profile.org    (back up .profile)

# vi .profile

add lines as per attached file (change IP address as per requirement)
Problems are common to all, but attitude makes the difference
Horia Chirculescu
Honored Contributor

Re: User xyz should login from 10.xxx.xx.x server only

Hello, bullz

You could disable telnet logins and use only SSH. For the user xyz you should use /usr/bin/sh shell (default in HP-UX)

Then you could modify /etc/profile (add your script at the end of this file!) in order to check for the $LOGNAME and $SSH_CLIENT value.


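#---------------------------
# Account to restrict and the one address it may connect from.
# (Not named USER, so the USER variable set by sshd is left untouched.)
RESTRICTED_USER=restricted_user_name
IP=allowed_IP_address_for_USER

# SSH_CLIENT holds "client_ip client_port server_port"; take the first field.
CONNIP=`echo "$SSH_CLIENT" | awk '{print $1}'`

if [ "$LOGNAME" = "$RESTRICTED_USER" ] ; then
    if [ "$IP" != "$CONNIP" ] ; then
        echo "You do not have access from $CONNIP."
        # /etc/profile is sourced by the login shell, so exit ends the session.
        exit 1
    fi
fi
#---------------------------------------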

If you want to allow access from multiple IPs you could change the second if (if [ "$IP" != "$CONNIP" ] ; then ...) like this:

if [ "$CONNIP" != "$IP" -a "$CONNIP" != "$CONNIP2" -a "$CONNIP" != "$CONNIP3" ] ; then ...

Of course, in this case you should declare the variables CONNIP2 and CONNIP3.

Best regards,
Horia.
Best regards from Romania,
Horia.
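
An added example, not part of Horia's post or the thread: the same /etc/profile check written as a function over a list of allowed addresses, refusing the login when SSH_CLIENT is empty. The function name source_allowed, the variables RESTRICTED_USER and ALLOWED_IPS, and the 10.0.0.x addresses are assumptions made for illustration.

```shell
# Added example: allow-list check meant to be sourced from /etc/profile.
# RESTRICTED_USER and ALLOWED_IPS are placeholder values (assumptions).
RESTRICTED_USER="xyz"
ALLOWED_IPS="10.0.0.1 10.0.0.2 10.0.0.3"   # constructed sample addresses

# source_allowed LOGNAME SSH_CLIENT
# Returns 0 when the login may proceed, 1 when it must be refused.
source_allowed() {
    login_name=$1
    ssh_client=$2

    # Other accounts are not subject to the restriction.
    [ "$login_name" = "$RESTRICTED_USER" ] || return 0

    # SSH_CLIENT is "client_ip client_port server_port"; keep the first field.
    conn_ip=${ssh_client%% *}

    # Fail closed: an empty SSH_CLIENT (console, telnet) gives no origin to check.
    [ -n "$conn_ip" ] || return 1

    # Exact string comparison, so 10.0.0.20 does not match 10.0.0.2
    # the way a substring grep would.
    for allowed in $ALLOWED_IPS; do
        [ "$conn_ip" = "$allowed" ] && return 0
    done
    return 1
}

# In /etc/profile the call would be (commented out so the block runs as is):
# source_allowed "$LOGNAME" "$SSH_CLIENT" || {
#     echo "Login for $LOGNAME is not permitted from this address."
#     exit 1
# }
```

/etc/profile is read only by login shells, so sessions that do not start one never reach this check. OpenSSH's AllowUsers directive in sshd_config accepts user@host patterns and applies the restriction before any shell is started.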
Horia Chirculescu
Honored Contributor

Re: User xyz should login from 10.xxx.xx.x server only

If you would use the user's profile like:

#cd ~user
#vi .profile

When logged in, the user can override your settings (.profile can be altered by this user).

Horia.
Best regards from Romania,
Horia.
bullz
Super Advisor

Re: User xyz should login from 10.xxx.xx.x server only

Hello all,

The following seems to be working fine.

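#############################################
# Field 6 of "who -Rm" is the remote host of this session, in parentheses.
FP=`who -Rm | grep prakash | awk '{print $6}'`
# Quote $FP so an empty value cannot break the test expression.
if [ "$FP" = "(xx.xx.xx.xx)" ]
then
    echo "OK `hostname`"
else
    echo "Not Ok for $FP"
    exit
fi
#############################################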
bullz
Super Advisor

Re: User xyz should login from 10.xxx.xx.x server only

Found it. Thanks all for your replies.