Operating System - HP-UX

no login user.............

 
Viney Kumar
Regular Advisor

no login user.............

Hi

I have an HP-UX 11.11 trusted system, in which I want to create a nologin user.

Please suggest.........

I already tried with

/sbin/true and /sbin/false

These options restricted it, but I'm unable to discover it with ITM tools.....

Provide your valuable suggestion on it.......

thanks
5 REPLIES
Sunny123_1
Esteemed Contributor

Re: no login user.............

Hi

Can you explain why you want to create such a user, and what access you want to provide to these users?



Regards
Sunny
Mel Burslan
Honored Contributor

Re: no login user.............

Also, it might help to specify what you mean by ITM tools. It might be something obvious for you, but for me, it is nothing other than another acronym out of the alphabet soup.
________________________________
UNIX because I majored in cryptology...
Viney Kumar
Regular Advisor

Re: no login user.............

Hi.....


This user is needed for discovering the server in the ITM (IBM Tivoli management, like HP OVO) database. There are some admin-level commands which need to be executed by it.

Regards
Viney
Mel Burslan
Honored Contributor
Solution

Re: no login user.............

Then I must say, your understanding of a nologin user is a wrong one. If it is required to execute commands, how on earth will it be able to do it without a shell? What you need is "no interactive login allowed" for this user and unfortunately, in HP-UX, there are no settings that I know of, to create a user and prevent them from executing commands but not being able to login interactively.

We employ a similar measure to keep people from logging into service accounts, like oracle, weblogic etc., directly with a code segment like below, placed in /etc/profile.

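#
# Deny application accounts direct login
#
# The check is skipped when the terminal is /dev/vty0
if [[ "`/usr/bin/tty`" != "/dev/vty0" ]]
then
    # Only accounts listed, one name per line, in /etc/restricted.login are checked
    if /usr/bin/grep -q "^${LOGNAME}$" /etc/restricted.login
    then
        # Owner of the terminal device; after su it is still the user who logged in
        ls -al $(/usr/bin/tty) | /usr/bin/awk '{print $3}' | read OWNER

        # Same name: the account itself logged in on this terminal, so end the session
        if [[ "${LOGNAME}" = "${OWNER}" ]]
        then
            echo "\n******************************************************"
            echo " Direct login as '$LOGNAME' is NOT AUTHORIZED"
            echo "******************************************************\n"
            sleep 3
            kill -9 $$
        fi
    fi
fi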


If the username is in /etc/restricted.login, it will not be allowed to log in interactively, but it can still fire one-off commands from a remote session via ssh (ssh is our requirement, yours can be any remote protocol).

Hope this helps
________________________________
UNIX because I majored in cryptology...
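
Added example, not part of the post above or of any HP-UX tooling: the decision made by that /etc/profile snippet, split into functions so each outcome (direct login, arrival via su, one-off ssh command with no terminal) can be checked on its own. The function names, the temp file standing in for the terminal device and the sample list are constructed; it assumes a POSIX sh with `grep -F -x -q`, which is swapped in for the original regex match.

```sh
#!/bin/sh
# Added example (not the poster's code): the /etc/profile gate as testable functions.
# Function names and the sample files below are constructed for illustration.
EXEMPT_TTY=/dev/vty0        # terminal exempted by the answer's outer test

# is_restricted USER LISTFILE: true if USER is an exact, whole line of LISTFILE.
# -F -x avoids regex surprises (a "." in a name) that "^${LOGNAME}$" allows.
is_restricted() {
    [ -r "$2" ] && grep -Fxq -- "$1" "$2"
}

# tty_owner PATH: print the owning user of the terminal device at PATH.
tty_owner() {
    [ -e "$1" ] && ls -ld -- "$1" | awk '{print $3}'
}

# login_verdict USER TTY LISTFILE: print the decision; return 1 only on deny.
login_verdict() {
    case $2 in
        "$EXEMPT_TTY") echo allow-exempt-tty; return 0 ;;
        /*) ;;                                  # a real device path, keep checking
        *)  echo allow-no-tty; return 0 ;;      # "not a tty": ssh one-off command
    esac
    is_restricted "$1" "$3" || { echo allow-unlisted; return 0; }
    # After su, the terminal still belongs to the person who logged in, so
    # owner == USER only when the account itself authenticated on this tty.
    if [ "$(tty_owner "$2")" = "$1" ]; then
        echo deny-direct; return 1
    fi
    echo allow-via-su
}

# Demo on constructed input: a temp file stands in for the terminal device.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/tty"                              # owned by whoever runs the demo
    me=$(tty_owner "$dir/tty")
    printf '%s\n' oracle weblogic "$me" > "$dir/restricted.login"
    for who in "$me" oracle nobody_listed; do
        printf '%-14s %s\n' "$who" "$(login_verdict "$who" "$dir/tty" "$dir/restricted.login")"
    done
    printf '%-14s %s\n' "$me" "$(login_verdict "$me" 'not a tty' "$dir/restricted.login")"
    rm -rf "$dir"
}
demo
```

In /etc/profile the call would be `login_verdict "$LOGNAME" "$(/usr/bin/tty)" /etc/restricted.login`, with the banner and `kill` from the post run when it returns non-zero.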
Sunny123_1
Esteemed Contributor

Re: no login user.............

Hi

If you don't want this user to log in to the system, then edit his .profile and give exit there in the last column of .profile and save it.



Regards
Sunny