HPE Community
Operating System - HP-UX
1819905 Members
2995 Online
109607 Solutions
New Discussion юеВ

Re: Disable user account login

 
Wendy_9
Frequent Advisor

тАО11-19-2003 02:49 PM

тАО11-19-2003 02:49 PM

Disable user account login

Hi,

I have some accounts (eg. daemon,sys,etc) that do not need direct login access and I want to disable their login.

How can I configure it at SAM?

Thanks

Regards,
Wendy

PS. The system is trusted
0 Kudos
Reply
9 REPLIES 9
Michael Tully
Honored Contributor

тАО11-19-2003 02:51 PM

тАО11-19-2003 02:51 PM

Re: Disable user account login

Hi,

You can use the 'deactivate' selection.
Another handy way from the command line is:

e.g.
# /usr/lbin/modprpw -k daemon

Regards
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
T G Manikandan
Honored Contributor

тАО11-19-2003 02:51 PM

тАО11-19-2003 02:51 PM

Re: Disable user account login

Just do a

#passwd -l
0 Kudos
Reply
ketan_5
Valued Contributor

тАО11-19-2003 02:57 PM

тАО11-19-2003 02:57 PM

Re: Disable user account login

Wendy ,
Just insert * in passwd colums against that username in /etc/passwd. It will disable the acct. As and when you feel to reactivate remove the *. Passwd will be in encripted form in second colum.
0 Kudos
Reply
T G Manikandan
Honored Contributor

тАО11-19-2003 02:57 PM

тАО11-19-2003 02:57 PM

Re: Disable user account login

sorry my command is for non -trusted systems
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-19-2003 03:07 PM

тАО11-19-2003 03:07 PM

Re: Disable user account login

You could add the following code to /etc/profile

if [ "$LOGNAME" = "$username" ]
echo "login not permitted"
exit 1
fi

That would do it.

You could mess with the shell settings in /etc/passwd

I would NOT do that. It could effect the functionality of those users doing the jobs they do on your system.

I have verified these users can login. But they don't have a password set.that anyone can hack or anything.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Michael Tully
Honored Contributor

тАО11-19-2003 03:17 PM

тАО11-19-2003 03:17 PM

Re: Disable user account login

The correct way to disable an account on a trusted system is using the two methods I've provided for you. On an 11i system have a look at the man page for 'modprpw'. It will state that using the -k options will lock or unlock a command depending on the status. The other way is 'deactivate' through SAM. The account will already have a '*' in the encryption field in the /etc/passwd file. Do not under any circumstances make any changes to the /etc/passwd file or anyway files under /tcb
Anyone for a Mutiny ?
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

тАО11-19-2003 03:21 PM

тАО11-19-2003 03:21 PM

Re: Disable user account login

To disable an account in trusted system use
/usr/lbin/modprpw -m alock=YES

This puts an admin lock on the user account and no one can login.
Also you can change other values of the tcb files of the user using modprpw, have a look at man pages which is found in 11i onwards
0 Kudos
Reply
Suresh Patoria
Super Advisor

тАО11-19-2003 04:54 PM

тАО11-19-2003 04:54 PM

Re: Disable user account login

Hi,

Try the following command. it will help u,

#passwd -l <>

Thanx
0 Kudos
Reply
Robert DJ
Frequent Advisor

тАО11-19-2003 05:52 PM

тАО11-19-2003 05:52 PM

Re: Disable user account login

Hi Wendy,

Using SAM.

Double click on Accounts for Users and Groups -> Local Users .

Here you can find a list of ids like daemon,sys. Select the ids you want to disable and goto action menu and do the changes you require.

Thanx & Regards,

Roby
Robert DJ
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.