Operating System - HP-UX
1830878 Members
1675 Online
110017 Solutions
New Discussion

Block remote login from a user

 
SOLVED
Go to solution

Block remote login from a user

Hi all,

I have a HPUX 11.00 and I want to block remote logins from a specific user. I would like to permit su to that user, but wouldn't logins to them directly...
Like what occurs with root and /etc/securetty....

Sorry for my poor english....

Thanks in advance,
Flavio.
3 REPLIES 3
RAC_1
Honored Contributor

Re: Block remote login from a user

If that user comes from definite ip addresses, you can block him using /var/adm/ined.sec file. You will have to put following in this file.

telnet deny "ip_address"

Is above can not be done, You may need to use sudo/tcp wrapers. If you have tcp wrppers, put following in /etc/hosts.deny

telnetd : "user_name"
There is no substitute to HARDWORK
Bill Hassell
Honored Contributor
Solution

Re: Block remote login from a user

There is no simple way to do this because the user must first login to be identified. So you would do this in /etc/profile:

PROBUSER=userb
ORIGUSER=$(who -m | cut -f1 -d \ )
if [ $ORIGUSER = $PROBUSER ]
then
echo "Login not allowed"
exit
fi

In this case, if the user logs in as usera and then runs: su - userb, /etc/profile will allow this because who -m will report the original user's login. If the original login is userb then it will fail because the original user is userb.


Bill Hassell, sysadmin
doug mielke
Respected Contributor

Re: Block remote login from a user

if you replace the encriped password in /etc/passwd, (if using non trusted systems) with a single character, the user can't directly log in, but root can su to it.