Operating System - HP-UX
1748102 Members
4937 Online
108758 Solutions
New Discussion юеВ

Re: how to temporarily disable specific logins on trusted 10.20 systems

 
SOLVED
Go to solution
Rich Fink
Occasional Advisor

how to temporarily disable specific logins on trusted 10.20 systems

Hi all,

Ok, I've got a question I'm not quite sure how to handle.

I've got a few old boxes still running 10.20 in trusted mode, with about 200-300 users on each system. What we'd like to do is temporarily disable certain users from logging on (based on a user list) for the next several days, while an application is being upgraded. When the upgrade is complete, we let everyone back on.

The trick is that out of 300 or so users, we want to disable maybe 200 of them, while still allowing about 100 to have access. So we can't just lock everyone out across the board. And of course we need a simple way to open the gates up and let everyone back in when the upgrade is complete.

Any ideas? I'm new to trusted systems, so I don't know if it's better to somehow use modprpw with a list of users to lock/unlock their accounts, or maybe just read a list of users via /etc/profile when they login, and if they're on that list just have them exit.

Any pointers would be appreciated. Thanks.

-Rich
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."
4 REPLIES 4
Robert Salter
Respected Contributor
Solution

Re: how to temporarily disable specific logins on trusted 10.20 systems

There's a couple of ways, this is just one.
Add this to /etc/profile

NAME=`who am i|awk '{print $1}'`
grep $NAME /tmp/ok_folks > /dev/null
if [ $? = 0 ]
then
clear
echo "Server maintenance is taking place, logins are not allowed."
sleep 5
exit
fi

The ok_folks file would have the login IDs of the users that are ok to login. Make a copy of /etc/profile before adding the above that way when you're done you can copy it back so everyone can login.

Think beer,
robert

Time to smoke and joke
Robert Salter
Respected Contributor

Re: how to temporarily disable specific logins on trusted 10.20 systems

Rich,

I made a little mistake, the ok_folks file would have the login IDs of the folks you DON'T want to login.

Or you could change the test to
if [ $? != 0 ] and leave the ok_folsk as the ones who can login.


maybe it should be
Drink beer,
robert

Time to smoke and joke
Srinivas Thokala_1
Frequent Advisor

Re: how to temporarily disable specific logins on trusted 10.20 systems

To permit only limited users to login to a box
Edit /var/adm/.access_list with required user id├в s in each individual lines who needs the access.
# touch /tmp/stay_out file
I think you need to add each userid in one line to stay-out.

Edit file /tmp/stay_out_msg

With the message to be displayed for the users who tries to login to the system other than listed in .access_list.

To restric no. of users ftp to a server:
Edit the file /etc/ftpusers with user accounts to be restricted in each individual lines.
Srinivas Thokala
Rich Fink
Occasional Advisor

Re: how to temporarily disable specific logins on trusted 10.20 systems

Thanks to both of you!

Robert's was exactly what I was looking for. I did some testing on a sandbox machine, and it worked perfectly. (adjusting the logic as you pointed out)

Now I just need the programmers to give me the list of losers, err, users to lock out, and I'm in business.

Points have been assigned, and I thank y'all again!

-Rich


"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."