Operating System - HP-UX

Re: Applicationuser direct-login restrictions....

 
Paul Torp
Regular Advisor

Applicationuser direct-login restrictions....

Hi

I made a small script for denying users direct login...

I'm placing it at the end of /etc/profile.

I created the file /etc/user_deny and chmod'ed it to 544.
I also created the logfile /var/adm/unautorized_directlogin.log
and chmod'ed it to 522
----------------
#This script is supposed to deny given users access to direct login. (not root)

JEG=$(whoami)

# awk exits 1 when the UID is 0, so the block below runs only for non-root users
if pwget -n "$JEG" | awk -F: '{exit ($3 == 0)}'; then

    for US in $(cat /etc/usr_deny)
    do
        #Are u a part of /etc/user_deny?
        if [ "$JEG" = "$US" ] ; then
            # yes. Do u come by su -?
            PRO=$(ps -f | awk '{print $8}'| grep su)
            #yes
            if [ "$PRO" != "-su" ] ; then
                #If not - bye bye
                echo "[$(date)] $JEG direct-login attempt - access denied" >>/var/adm/unautorized_directlogin.log
                exit
            fi
        fi
    done
fi
-----------------------

The content of /etc/user_deny
-----------------------
#more /etc/usr_deny
test1
test2
test3
------------------------

Sadly, this script does not deny bash users...


Is there a better way of doing this?

It actually works, but only for /usr/bin/sh users.

-Paul
"sendmail is kind of fun..."
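
The check from the post above, restated as an added example that is not part of the original post: the deny-list lookup and the "-su" test are separated into functions with exact matching, so the decision no longer depends on a substring grep over ps output. The function names, the sample file and the use of `$0` and `id -u` in the commented call are assumptions; the `-su` marker and the three user names come from the post.

```shell
# Added example; function names are hypothetical, not from the post.

# in_deny_list USER FILE: succeed if USER is an exact entry in FILE.
# Blank lines and "#" comments are skipped; an unreadable file matches
# nobody, like the empty loop in the post's script.
in_deny_list() {
    [ -r "$2" ] || return 1
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=${entry%%#*}                             # drop comment
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')  # drop whitespace
        if [ -n "$entry" ] && [ "$entry" = "$1" ]; then
            return 0
        fi
    done < "$2"
    return 1
}

# login_decision USER USERID ARG0 FILE: print "allow" or "deny".
# ARG0 is the command name of the session's shell; "-su" is the value
# the post's script accepts as proof of "su -".
login_decision() {
    if [ "$2" -eq 0 ]; then
        echo allow          # root is never locked out
    elif in_deny_list "$1" "$4" && [ "$3" != "-su" ]; then
        echo deny           # listed account, not started by "su -"
    else
        echo allow
    fi
}

# Constructed sample deny list (the three names from the post).
SAMPLE_DENY=${TMPDIR:-/tmp}/usr_deny.sample.$$
trap 'rm -f "$SAMPLE_DENY"' EXIT
printf '%s\n' '# application accounts' 'test1' 'test2   # batch' \
    '' 'test3' > "$SAMPLE_DENY"

# Assumed call from /etc/profile ($0 is the shell's own argv[0]):
#   [ "$(login_decision "$(whoami)" "$(id -u)" "$0" /etc/usr_deny)" = deny ] && exit
login_decision test1 101 -sh "$SAMPLE_DENY"    # direct login
login_decision test1 101 -su "$SAMPLE_DENY"    # came through "su -"
login_decision test10 110 -sh "$SAMPLE_DENY"   # not listed: no prefix match
```

A check in /etc/profile runs only for login shells that read that file, so it complements rather than replaces account-level login restrictions.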
1 REPLY 1
Robert-Jan Goossens
Honored Contributor

Re: Applicationuser direct-login restrictions....