- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: how to temporarily disable specific logins on ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2007 01:01 AM
тАО06-29-2007 01:01 AM
Ok, I've got a question I'm not quite sure how to handle.
I've got a few old boxes still running 10.20 in trusted mode, with about 200-300 users on each system. What we'd like to do is temporarily disable certain users from logging on (based on a user list) for the next several days, while an application is being upgraded. When the upgrade is complete, we let everyone back on.
The trick is that out of 300 or so users, we want to disable maybe 200 of them, while still allowing about 100 to have access. So we can't just lock everyone out across the board. And of course we need a simple way to open the gates up and let everyone back in when the upgrade is complete.
Any ideas? I'm new to trusted systems, so I don't know if it's better to somehow use modprpw with a list of users to lock/unlock their accounts, or maybe just read a list of users via /etc/profile when they login, and if they're on that list just have them exit.
Any pointers would be appreciated. Thanks.
-Rich
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2007 01:35 AM
тАО06-29-2007 01:35 AM
SolutionAdd this to /etc/profile
NAME=`who am i|awk '{print $1}'`
grep $NAME /tmp/ok_folks > /dev/null
if [ $? = 0 ]
then
clear
echo "Server maintenance is taking place, logins are not allowed."
sleep 5
exit
fi
The ok_folks file would have the login IDs of the users that are ok to login. Make a copy of /etc/profile before adding the above that way when you're done you can copy it back so everyone can login.
Think beer,
robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2007 01:39 AM
тАО06-29-2007 01:39 AM
Re: how to temporarily disable specific logins on trusted 10.20 systems
I made a little mistake, the ok_folks file would have the login IDs of the folks you DON'T want to login.
Or you could change the test to
if [ $? != 0 ] and leave the ok_folsk as the ones who can login.
maybe it should be
Drink beer,
robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2007 02:51 AM
тАО06-29-2007 02:51 AM
Re: how to temporarily disable specific logins on trusted 10.20 systems
Edit /var/adm/.access_list with required user id├в s in each individual lines who needs the access.
# touch /tmp/stay_out file
I think you need to add each userid in one line to stay-out.
Edit file /tmp/stay_out_msg
With the message to be displayed for the users who tries to login to the system other than listed in .access_list.
To restric no. of users ftp to a server:
Edit the file /etc/ftpusers with user accounts to be restricted in each individual lines.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-29-2007 07:08 AM
тАО06-29-2007 07:08 AM
Re: how to temporarily disable specific logins on trusted 10.20 systems
Robert's was exactly what I was looking for. I did some testing on a sandbox machine, and it worked perfectly. (adjusting the logic as you pointed out)
Now I just need the programmers to give me the list of losers, err, users to lock out, and I'm in business.
Points have been assigned, and I thank y'all again!
-Rich
"UNIX is a user-friendly Operating System .. it's just picky about choosing its friends."