HPE Community
Operating System - HP-UX
1836414 Members
2433 Online
110100 Solutions
New Discussion

create no login user ID

 
SOLVED
Go to solution
Carl Cloutier
Advisor

‎04-16-2003 07:01 AM

‎04-16-2003 07:01 AM

create no login user ID

Hi,
Is there a way to create or effect a no login user on an HPUX 11 non-trusted machine? What I mean is a user that can not login but can be su'd to. That means simply altering the user's password is not an acceptable solution.
Thanks,
Carl

When in doubt, gas it!
0 Kudos
Reply
5 REPLIES 5
Paula J Frazer-Campbell
Honored Contributor

‎04-16-2003 07:09 AM

‎04-16-2003 07:09 AM

Re: create no login user ID

Carl

Create the user and put * in the password field.

I think that should do what you require


Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎04-16-2003 07:11 AM

‎04-16-2003 07:11 AM

Solution

Re: create no login user ID

Any ip address or set of ip addresses can be blocked or denied via inetd.sec or one of the various other ip filtering applications. And this would prevent any telnet or rlogin connection to any and all.

Allow only specific statically assigned ips or subnets and protect them.

Else, what ever is defined in the shell parameter as well as the password parameters will block or deny any access to the account.
Support Fatherhood - Stop Family Law
Reply
john korterman
Honored Contributor

‎04-16-2003 07:19 AM

‎04-16-2003 07:19 AM

Re: create no login user ID

Hi,
in ksh you can make use of the LOGNAME variable: the name with which the user originalley logs in is assigned to that variable. You can then test on the original logname in the .profile for the user to which you will only allow to su.
Example of the .profile for the user flipflop:

#!/usr/bin/sh
if [ "$LOGNAME" = "flipflop" ]
then
exit
fi

which will immediately logout the user flipflop when he logs in directly, but allow a su - flipflop.

regards,
John K.
it would be nice if you always got a second chance
Reply
Paul Sperry
Honored Contributor

‎04-16-2003 07:24 AM

‎04-16-2003 07:24 AM

Re: create no login user ID

for the user qwerty the /etc/passwd entry would be

qwerty:*:102:300:Qwerty Person:/home/qwerty:/bin/ksh

No login
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎04-16-2003 07:53 AM

‎04-16-2003 07:53 AM

Re: create no login user ID

Any ip address or set of ip addresses can be blocked or denied via inetd.sec or one of the various other ip filtering applications. And this would prevent any telnet or rlogin connection to any and all.

Allow only specific statically assigned ips or subnets and deny all others.

Whatever is defined in the account shell parameter as well as the password parameter will be seen during the login process regardless of connection type. Whether from network or serial login.
Support Fatherhood - Stop Family Law
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.