HPE Community
Operating System - HP-UX
1826523 Members
4141 Online
109695 Solutions
New Discussion

Re: Denial login through X

 
yc_2
Regular Advisor

‎03-06-2002 09:53 PM

‎03-06-2002 09:53 PM

Denial login through X

Hi,

Is it possible to denial user login using X emulation software ? If so, how ?


Thanks in advance,
YC
0 Kudos
Reply
4 REPLIES 4
S.K. Chan
Honored Contributor

‎03-06-2002 10:04 PM

‎03-06-2002 10:04 PM

Re: Denial login through X

This may/may-not help ..

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x99d8a135f587d5118ff00090279cd0f9,00.html
0 Kudos
Reply
Chris Vail
Honored Contributor

‎03-06-2002 11:39 PM

‎03-06-2002 11:39 PM

Re: Denial login through X

I asked this question of HP a few days ago.
Here's how to prevent root from getting a desktop login:

To prevent root from logging in to CDE at any display:

Create /etc/dt/config/Xsession.d/0001.noroot (755 root sys) with the following contents:

#!/usr/bin/sh

if [ $USER = root ]; then
/usr/dt/bin/dterror.ds 'Root Access Denied\n
Login as a non-root user, \n
or as root through Command Line Login' 'title' 'OK'
exit 0
fi

Thanks to NASRE,CHRISTINE [christine_nasre@hp.com]

I've made this work for other users as well, just swap 'root' with the username you wish to lock out.
0 Kudos
Reply
Steve Steel
Honored Contributor

‎03-07-2002 12:14 AM

‎03-07-2002 12:14 AM

Re: Denial login through X

Hi

1)if your user has a fixed machine then copy

/usr/dt/config/Xaccess to /etc/dt/config if
it is not already there and then exclude the users system.


The file contains enough comment to be self explanatory.

2)Use the Xstartup script to identify users.
The script is run with root permissions and can identify users by name that may login to CDE. If Xstartup exits with a non-zero status, CDE will NOT start. Due to display restrictions, you cannot display a message from Xstartup. The user will just see the login is failing.
copy Xstartup,from /usr/dt/config to /etc/dt/config.
Never edit the files in /usr/dt/config.

EXAMPLE:


case "$USER" in

root|admin)
: # do nothing
;;

*)
exit 1
;;
esac

3) As shown above using a test in an Xsession.d script to identify authorized users.
Scripts found in /etc/dt/config/Xsession.d will be "sourced" by CDE's Xsession (/usr/dt/bin/Xsession) during login
EXAMPLE
"/etc/dt/config/Xsession.d/0001.nologin":


case "$USER" in

root|admin)
: # do nothing
;;

*)
/usr/dt/bin/dterror.ds 'Login to CDE not permitted for : $USER\n' 'Thus nologin' 'OK'
exit 1
;;
esac


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
Alex Glennie
Honored Contributor

‎03-07-2002 12:14 AM

‎03-07-2002 12:14 AM

Re: Denial login through X

..... and for host based control see the file : /usr/dt/config/Xaccess and edit it accordingly/to your needs : the file contains info on how to do this.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.