
Re: Disable Remote Login

 
Douglas Trainor
New Member

Disable Remote Login

Disabling root is done with the /etc/securetty file.
How do I disable other user accounts, like oracle, similarly?
The idea is to have a user login as themself, then su to the oracle account.

Additionally, I would like to ALLOW the same remotely disabled user login
to be able to ftp in. SAM has nothing like AIX's SMIT, which runs "chuser" with
options to do this. (I hate that our admin tools are lacking in comparison to AIX!)
TIA,
Doug
973.781.7413
Antoanetta Naghiu
Esteemed Contributor

Re: Disable Remote Login

You can try to play with secondary groups and permissions. Eventually grant users, under their own name and the dba group, the oracle user's rights.
Try to get an internal Oracle mechanism that offers you a log of who did what.
At OS level?... good question... You can create .rhosts in the Oracle home directory and let just the desired users, coming from specific hosts, log in without a password... You'll get everything logged in syslog, but this is not a professional solution... Sorry..
CHRIS_ANORUO
Honored Contributor

Re: Disable Remote Login

You can disable users through SAM and then include the user names in $HOME/.rhosts of oracle home or /etc/hosts.equiv of the server.
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
John Hall
Frequent Advisor

Re: Disable Remote Login

Put the following code in /etc/profile -- the user cannot break out of that. If the userID is "steve" or "pete" then telnet access will be denied. This code works by looking to see what program the parent is and is not fooled if the string "telnetd" is a substring of the text returned by the "ps" command (e.g. /usr/bin/mytelnetd). If the parent program were to be telnetd then this user is trying to log in using telnet.

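case $LOGNAME in
steve|pete)
    # Full "ps -ef" line of the parent process (field 2 is the PID)
    PSinfo=`ps -ef | grep $PPID | awk '{if($2==PPID){print}}' PPID=$PPID`
    # Literal tab character for the bracket expressions below
    TAB=`printf '\t'`
    # Match "telnetd" only as a whole word or path component
    echo "$PSinfo " | grep "[ |${TAB}|/]telnetd[ |${TAB}]" >> /dev/null
    case $? in
    0) echo "Login [$LOGNAME] not allowed telnet access."
       exit ;;
    esac
    ;;
esac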
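
The parent-process check from the last reply, restated as small testable functions. This is an added example, not code from the thread. It goes beyond the post by also covering rlogind and by comparing the parent's exact command name instead of grepping a `ps -ef` line. The function names, the `DENY_USERS` and `DENY_PARENTS` lists and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread); all names below are hypothetical.
DENY_USERS="steve pete oracle"                      # constructed account list
DENY_PARENTS="telnetd in.telnetd rlogind in.rlogind"

# Strip the directory and a leading "-" (login-shell marker):
# "/usr/lbin/telnetd" -> "telnetd", "-ksh" -> "ksh".
cmd_basename() {
    b=${1##*/}
    printf '%s\n' "${b#-}"
}

# True when word $1 appears as a whole word in the space-separated list $2.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# remote_login_denied USER PARENT_COMMAND -> 0 (deny) or 1 (allow).
# Exact basename comparison, so /usr/bin/mytelnetd is not taken for telnetd.
remote_login_denied() {
    in_list "$1" "$DENY_USERS" || return 1
    in_list "$(cmd_basename "$2")" "$DENY_PARENTS"
}

# Command name of process $1. On HP-UX, "ps -o" needs XPG4 mode (UNIX95 set).
# An empty result (ps failed) matches nothing in DENY_PARENTS, so it allows.
parent_command() {
    UNIX95=1 ps -p "$1" -o comm= 2>/dev/null
}

# Hook to call from /etc/profile; it is defined here but not invoked.
enforce_remote_login_policy() {
    trap '' INT QUIT          # keep the check from being interrupted
    if remote_login_denied "$LOGNAME" "$(parent_command "$PPID")"; then
        echo "Login [$LOGNAME] not allowed remote access."
        exit 1
    fi
    trap - INT QUIT
}
```

FTP sessions do not start a login shell, so this check leaves ftp access untouched, and after `su - oracle` the parent is the user's own shell, not telnetd. /etc/profile is read only by sh-family login shells, so accounts using another shell need the equivalent check in that shell's system-wide startup file.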