Hi,
There are quite a few ways for the user to get into the box. telnet/ftp/rlogin/remsh/rexec etc.,. If you are running sshd on the box, then they can use ssh/sftp to get into the box.
For the clients such as telnet/rlogin/ssh that use /etc/profile, csh.login etc., you can put a piece of script in there to prevent the user to login. For the tools that do not use /etc/profile like ftp, you will need to find otherways like for ftp, you can use ftpusers etc.,
An example code is something like this. Put it at the beginning of /etc/profile.
ME=$(who am i|awk '{print $1}')
grep -q "^${ME}:" /etc/nodirectlogin
if [ $? = 0 ]
then
MYNAME=$(grep "^${ME}:" /etc/nodirectlogin|awk '{FS=":";print $2}')
echo "Connection refused for $MYNAME"
exit
fi
Create a file called /etc/nodirectlogin with the entries like this
login1:LOGIN NAME1
login2:LOGIN NAME2
For csh users, it's /etc/csh.login. You may need to modify the code to suit to csh. Since we are playing with the shell, there are ways to get around with it.
You will also need to configure your CDE as they can login to the system through XWINDOWS. To disallow that put a file called "/etc/dt/config/Xsession.d/0000.nologin" with the following code
grep -q "^${USER}:" /etc/nodirectlogin
if [ $? = 0 ]
then
/usr/dt/bin/dterror.ds "You Cannot login as $USER directly" "Login Denied" "Exit"
exit 1
fi
-Sri
You may be disappointed if you fail, but you are doomed if you don't try
