HPE Community
Operating System - HP-UX
1847188 Members
4918 Online
110263 Solutions
New Discussion

Re: Deny Login Script

 
SOLVED
Go to solution
Chris Weislak
Advisor

‎01-24-2006 07:02 AM

‎01-24-2006 07:02 AM

Deny Login Script

I am running an INFORMIX database on a HP-UX server. Because informix requires a user id be on the system running the database, I need to deny every user login rights for telnet or SSH except admins. I created a script and placed it in the users .profile file. but I get an error when it hits the 'exit' line. How do I hide the error or make it work correctly to just kick out the user? Also the $name does not display the name when runing it from sh. It worked in csh.

set name = `whoami`
echo ""
echo "*************************************************"
echo "*** You do not have permission to log into ***"
echo "*** this system if you feel this is an error ***"
echo "*** Please contact your Administrator ***"
echo "*************************************************"
echo ""
echo ""

sleep 2
echo $name | mailx -s "User tried to login using telnet" hta_admin
exec exit


Please help...I need all the help I can get :)
Thanks,
Chris
0 Kudos
10 REPLIES 10
Steven E. Protter
Exalted Contributor

‎01-24-2006 07:08 AM

‎01-24-2006 07:08 AM

Re: Deny Login Script

Shalom Chris,

You can build something into /etc/profile that checks the $LOGNAME variable and ejects users that are not allowed to log in.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Chris Weislak
Advisor

‎01-24-2006 07:09 AM

‎01-24-2006 07:09 AM

Re: Deny Login Script

I just figured out the $name..I used $USER instead and got what I wanted. I still get the error though when I login that exit is not a vaild command.

Chris
0 Kudos
Pete Randall
Outstanding Contributor

‎01-24-2006 07:09 AM

‎01-24-2006 07:09 AM

Re: Deny Login Script

Chris,

Perhaps the "/etc/nologin" feature of the /etc/default/security file would be of help to you. Take a look at the man page for "security".


Pete

Pete
0 Kudos
Pete Randall
Outstanding Contributor

‎01-24-2006 07:10 AM

‎01-24-2006 07:10 AM

Solution

Re: Deny Login Script

On another note, what happens if you just do "exit" rather than "exec exit"?


Pete

Pete
0 Kudos
Rodney Hills
Honored Contributor

‎01-24-2006 07:10 AM

‎01-24-2006 07:10 AM

Re: Deny Login Script

Be sure to put a "trap" statement to make sure the user can not break out the profile.

I don't think you need "exec" in front of "exit" either.

HTH

-- Rod Hills
There be dragons...
0 Kudos
Chris Weislak
Advisor

‎01-24-2006 07:17 AM

‎01-24-2006 07:17 AM

Re: Deny Login Script

I removed the exec and that worked. I think I used it with the csh. How do you "trap" the user so they cannot get out of the script? Forgive me I am very new to the scripting side of UNIX.

Thanks,
Chris
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎01-24-2006 07:26 AM

‎01-24-2006 07:26 AM

Re: Deny Login Script

Hi Chris:

# trap '' INT QUIT HUP

...will provide good protection.

Regards!

...JRF...
0 Kudos
Pete Randall
Outstanding Contributor

‎01-24-2006 07:29 AM

‎01-24-2006 07:29 AM

Re: Deny Login Script

trap "" 1 2 3 # ignore HUP, INT, QUIT now.


Pete

Pete
0 Kudos
Chris Weislak
Advisor

‎01-24-2006 07:39 AM

‎01-24-2006 07:39 AM

Re: Deny Login Script

Those suggestions worked great. Now the script works clean and you cannot quit it during the time it is running. You all rock...

Thanks,
Chris
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎01-24-2006 07:40 AM

‎01-24-2006 07:40 AM

Re: Deny Login Script

Hi (again) Chris:

Oh, it looks kike your using a C-shell (csh) script. In that case use this:

# onintr -

Regards!

...JRF...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.