Disable Logins
03-28-2001 07:07 AM
How can this be accomplished? We are running HP UX 11.00.
03-28-2001 07:14 AM
Re: Disable Logins
CONSOLE=/dev/console.
03-28-2001 07:17 AM
Re: Disable Logins
Create the file /etc/securetty and insert the word console into it. This means root accounts can only use the console to log directly into the server (which means physical machine room access); otherwise they must use their own personal accounts and then su - root.
03-28-2001 07:18 AM
Re: Disable Logins
Hope this helps.
Rob
03-28-2001 07:21 AM
Re: Disable Logins
Root access can be denied to any port on the system by the use of the /etc/securetty file. If not present (the default), anyone who knows the root password can log in as root regardless of their location (modem, DTC port, tty port, network login).
Steffi Jones
03-28-2001 07:38 AM
Re: Disable Logins
03-28-2001 08:57 AM
Re: Disable Logins
03-28-2001 09:22 AM
Re: Disable Logins
'sudo su - oracle' for example.
You can get sudo at the HP-UX porting center.
03-28-2001 09:23 AM
Solution
After some thinking, I thought of an easy solution to your problem, and that is to make use of the differences in the commands "who am i" and "whoami". In an su situation, "who am i" will report the user you su from while "whoami" will report the user you su to.
In this way, depending on the login shell you are using, you can modify .profile/.cshrc/.login of your Oracle account accordingly to suit your needs.
For example, add the following to the beginning of your oracle's .profile:
=============================================
trap "" 1 2 3
if [ "`who am i | awk '{print $1}'`" != "`whoami`" ]
then
    # this implies an su, thus proceed on
    # with the rest of your command executions.
    :
else
    # this user must have logged on direct
    # without su'ing, thus log out this user
    # (exit ends the login shell that is reading .profile)
    exit
fi
trap 1 2 3
=============================================
To prevent your user from modifying his own .profile to work around it, remember to change the ownership of oracle's .profile to root and chmod 755 the .profile.
Hope this helps. Regards.
Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
03-28-2001 09:26 AM
Re: Disable Logins
03-28-2001 09:51 AM
Re: Disable Logins
...jcd...
03-29-2001 12:27 AM
Re: Disable Logins
if test -t 0
then
    if [ "`tty`" != "/dev/console" ]
    then
        ...
        exit
    fi
fi
03-29-2001 05:44 AM
Re: Disable Logins
You might want to check out ssh (Secure Shell)...very versatile and secure.
http://www.ssh.com
Features listed on web site:
Protects all passwords and data.
Full replacement for telnet, rlogin, rsh, rcp, and ftp.
Fully integrated secure file transfer and file copying. Really cool graphical user interface on Windows.
Automatic authentication of users, no passwords sent in cleartext to prevent the stealing of passwords.
Multiple strong authentication methods that prevent such security threats as spoofing identity.
Authentication of both ends of connection, the server and the client are authenticated to prevent identity spoofing, trojan horses, etc.
Automatic authentication using agents to enable strong authentication to multiple systems with a single sign-on.
Transparent and automatic tunneling of X11 sessions.
Tunneling of arbitrary TCP/IP-based applications, such as e-mail.
Encryption and compression of data for security and speed.
Multiple built-in authentication methods, including passwords, public key, and host-based authentication.
Multiple ciphers for encryption, including e.g. 3DES, Blowfish and the AES candidate TWOFISH.
04-08-2001 04:52 PM
Re: Disable Logins
In addition to the use of /etc/securetty and checks in the /etc/profile, I would also comment out the exec service in /etc/inetd.conf. Otherwise a user could enter the following command from a PC running Exceed or another X server:
rexec
This would load up an xterm as root on the host, bypassing /etc/profile and root's .profile. Of course, the person running this would have to provide the correct root password.
Cheers,
Joseph.
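
The two host-side settings recommended in this thread, /etc/securetty containing only the word console and the exec service commented out in /etc/inetd.conf, can be verified with a short script. This is an added example, not code from any poster; the function names and the sample inetd.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two settings discussed above.

# securetty_ok FILE: succeed only if FILE exists and "console" is its sole entry.
securetty_ok() {
    [ -f "$1" ] || { echo "FAIL: $1 missing, root can log in on any port"; return 1; }
    # Drop trailing blanks and empty lines; what remains must be exactly "console".
    entries=$(sed -e 's/[[:space:]]*$//' -e '/^$/d' "$1")
    if [ "$entries" != "console" ]; then
        echo "FAIL: $1 should contain only the word console"
        return 1
    fi
    echo "OK: $1 limits direct root login to the console"
}

# exec_enabled FILE: succeed if FILE (inetd.conf) has an uncommented exec service.
exec_enabled() {
    awk '$1 == "exec" { found = 1 } END { exit !found }' "$1"
}

# audit SECURETTY INETD_CONF: print findings; return status = number of failures.
audit() {
    fails=0
    securetty_ok "$1" || fails=$((fails + 1))
    if exec_enabled "$2"; then
        echo "FAIL: exec service enabled in $2"
        fails=$((fails + 1))
    else
        echo "OK: no enabled exec service in $2"
    fi
    return $fails
}

# Constructed sample files (not real host data) so the example runs anywhere.
# On a real host: audit /etc/securetty /etc/inetd.conf
demo_dir=${TMPDIR:-/tmp}/login_audit.$$
mkdir "$demo_dir" || exit 1
echo console > "$demo_dir/securetty"
cat > "$demo_dir/inetd.hardened" <<'EOF'
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
#exec  stream tcp nowait root /usr/lbin/rexecd  rexecd
EOF
echo "exec stream tcp nowait root /usr/lbin/rexecd rexecd" > "$demo_dir/inetd.weak"
audit "$demo_dir/securetty" "$demo_dir/inetd.hardened" && echo "hardened sample: clean"
audit "$demo_dir/missing" "$demo_dir/inetd.weak" || echo "weak sample: $? finding(s)"
rm -rf "$demo_dir"
```

After editing /etc/inetd.conf, inetd has to re-read its configuration before the change takes effect.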