HPE Community
Operating System - HP-UX
1830878 Members
1675 Online
110017 Solutions
New Discussion

Block remote login from a user

 
SOLVED
Go to solution
Flavio de Souza Oliveir
New Member

‎03-24-2005 12:47 AM

‎03-24-2005 12:47 AM

Block remote login from a user

Hi all,

I have a HPUX 11.00 and I want to block remote logins from a specific user. I would like to permit su to that user, but wouldn't logins to them directly...
Like what occurs with root and /etc/securetty....

Sorry for my poor english....

Thanks in advance,
Flavio.
0 Kudos
Reply
3 REPLIES 3
RAC_1
Honored Contributor

‎03-24-2005 01:01 AM

‎03-24-2005 01:01 AM

Re: Block remote login from a user

If that user comes from definite ip addresses, you can block him using /var/adm/ined.sec file. You will have to put following in this file.

telnet deny "ip_address"

Is above can not be done, You may need to use sudo/tcp wrapers. If you have tcp wrppers, put following in /etc/hosts.deny

telnetd : "user_name"
There is no substitute to HARDWORK
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎03-24-2005 01:13 AM

‎03-24-2005 01:13 AM

Solution

Re: Block remote login from a user

There is no simple way to do this because the user must first login to be identified. So you would do this in /etc/profile:

PROBUSER=userb
ORIGUSER=$(who -m | cut -f1 -d \ )
if [ $ORIGUSER = $PROBUSER ]
then
echo "Login not allowed"
exit
fi

In this case, if the user logs in as usera and then runs: su - userb, /etc/profile will allow this because who -m will report the original user's login. If the original login is userb then it will fail because the original user is userb.


Bill Hassell, sysadmin
Reply
doug mielke
Respected Contributor

‎03-24-2005 01:25 AM

‎03-24-2005 01:25 AM

Re: Block remote login from a user

if you replace the encriped password in /etc/passwd, (if using non trusted systems) with a single character, the user can't directly log in, but root can su to it.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.