cancel
Showing results for 
Search instead for 
Did you mean: 

no login user.............

 
SOLVED
Go to solution
Viney Kumar
Regular Advisor

no login user.............

Hi

I have HP-ux 11.11 trusted system. In which i want to create a noloin user

please suggest.........

Im already tried with

/sbin/true and /sbin/false

these option restricted but im unable to discover it with ITM tools.....

provide ur valuable suggestion on it.......

thanks
5 REPLIES
Sunny123_1
Esteemed Contributor

Re: no login user.............

Hi

Can you provide why such user you want to create?? and what access you want to provide these users?



Regards
Sunny
Mel Burslan
Honored Contributor

Re: no login user.............

Also, it might help to specify what you mean by ITM tools. It might be something obvious for you, but for me, it is nothing other than another acronym out of the alphabet soup.
________________________________
UNIX because I majored in cryptology...
Viney Kumar
Regular Advisor

Re: no login user.............

Hi.....


This user need to discoverig the server in ITM (IBM Tivoli management like hp-ovo) database. there some admin level commands which needs to be excuted by it.

Regards
Viney
Mel Burslan
Honored Contributor
Solution

Re: no login user.............

Then I must say, your understanding of nologin user is a wrong one. If it is required to execute commands, how in the earth will it be able to do it without a shell ? What you need is "no interactive login allowed" for this user and unfortunately, in hpux, there are no settings as I know of, to create a user and prevent them from executing commands but not being able to login interactively.

We employ a similar measure to keep people from logging into service accounts, like oracle, weblogic etc., directly with a code segment like below, placed in /etc/profile.

#
# Deny application accounts direct login
#
if [[ "`/usr/bin/tty`" != "/dev/vty0" ]]
then
if /usr/bin/grep -q "^${LOGNAME}$" /etc/restricted.login
then
ls -al $(/usr/bin/tty) | /usr/bin/awk '{print $3}' | read OWNER

if [[ "${LOGNAME}" = "${OWNER}" ]]
then
echo "\n******************************************************"
echo " Direct login as '$LOGNAME' is NOT AUTHORIZED"
echo "******************************************************\n"
sleep 3
kill -9 $$
fi
fi
fi


If the username is in/etc/restricted.login, it will not be allowed to login interactively, but it still can fire one-off commands from a remote session via ssh (ssh is our requirement, yours can be any remote protocol)

Hope this helps
________________________________
UNIX because I majored in cryptology...
Sunny123_1
Esteemed Contributor

Re: no login user.............

Hi

If you dont want this user to login in to system then edit his .profile and give exit there in the last column of .profile and save it.



Regards
Sunny