HPE Community
Operating System - HP-UX
1833159 Members
3247 Online
110051 Solutions
New Discussion

Command line

 
SOLVED
Go to solution
Rich Sanders
Occasional Contributor

‎10-07-2003 03:39 AM

‎10-07-2003 03:39 AM

Command line

How can I tell (HP-UX 11.0, running Oracle 9) wether or not a user has command line access?
'Well I woke up Sunday morning, with no way to hold my head, that didn't hurt. And the beer I had for breakfast wasn't bad, so I had one more for dessert'
0 Kudos
Reply
6 REPLIES 6
Stefan Farrelly
Honored Contributor

‎10-07-2003 03:42 AM

‎10-07-2003 03:42 AM

Re: Command line

Try logging in as the user;

su -

If you get a shell prompt up then they have command line access. Even if they dont if they can run vi then they can get to command line access with a !sh the same applies from other programs. You should presume most users can get to the command line if they try hard enough.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎10-07-2003 03:43 AM

‎10-07-2003 03:43 AM

Solution

Re: Command line

Rich,

Generally, a user without command line access will have an application specified in the last field of /etc/passwd, so that when they log in they are forced into a menu or program which they can (hopefully) not break out of. Check /etc/passwd.


Pete


Pete
Reply
Tomek Gryszkiewicz
Trusted Contributor

‎10-07-2003 03:44 AM

‎10-07-2003 03:44 AM

Re: Command line

You mean shell access?
Look to /etc/passwd. In the last entry of every user there is a shell. If it is a valis shell (/bin/sh, usr/bin/sh, ksh, csh, bash etc) - this user can login to the system. If there is something like "/usr/bin/false", "/nonexistent" etc - this user dont have an access.

-Tomek
Reply
Robert Gamble
Respected Contributor

‎10-07-2003 03:45 AM

‎10-07-2003 03:45 AM

Re: Command line

Rich,

Most Oracle applcations do not setup a UNIX id, just a database id.

But you could check to see if the user is in /etc/passwd and has valid shell listed.
0 Kudos
Reply
Sergejs Svitnevs
Honored Contributor

‎10-07-2003 03:51 AM

‎10-07-2003 03:51 AM

Re: Command line

You can check tty entry in the user's profile.

Disable console:

if ['tty'=/dev/console]
then
exit 1
fi

Enable console only:

if ['tty'!=/dev/console]
then
exit 1
fi

Regards,
Sergejs
Reply
Bill Hassell
Honored Contributor

‎10-07-2003 03:27 PM

‎10-07-2003 03:27 PM

Re: Command line

The question starts with: how does a "user" gain access? Is it via telnet or remsh or ftp or some custom socket connection. The answer dictates whether a a shell prompt exists. Unix does not have a command line, just program services provided by system calls. The command line is typically a shell interface, so as mentioned, check /etc/passwd to see if the user has a shell (/usr/bin/sh /usr/bin/ksh /usr/bin/csh etc), something like this:

cut -f1,7 -d: /etc/passwd

Now it is possible that some users have a local .profile that starts a menu that restricts the user but that is a poor idea. The user should have the menu program as their shell so that there is no possibility of getting a shell prompt (command line).


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.