HPE Community
Operating System - HP-UX
1833863 Members
1869 Online
110063 Solutions
New Discussion

Having operators log directly into restricted SAM

 
Eric Kaiser
Advisor

‎03-14-2002 12:16 PM

‎03-14-2002 12:16 PM

Having operators log directly into restricted SAM

I am trying to have users log directly into a restricted sam. I tried to have the last entry in the .profile call a script that pulls up a menu asking the user to go into SAM or exit completely off the system, even with an exec statement. Additionally I am trapping all break outs as well. It seems that when the user logs off, my exit doesnt get them completely off the system. Its breaking them down to the command line which I dont want. Any suggestions???

Thanks!
0 Kudos
Reply
8 REPLIES 8
melvyn burnard
Honored Contributor

‎03-14-2002 12:19 PM

‎03-14-2002 12:19 PM

Re: Having operators log directly into restricted SAM

In the password file, change the command to be run from /usr/bin/sh to /usr/sbin/sam

and make sure you supply ONLY what you want them to do in the restricted SAM

HTH
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Eric Kaiser
Advisor

‎03-14-2002 12:24 PM

‎03-14-2002 12:24 PM

Re: Having operators log directly into restricted SAM

Thanks, but I think my prblem is my emulation software (Reflections X or Unix & Digital ). Its not echoing back the display. I tried that as well what you wrote... UUGGHH!!
0 Kudos
Reply
Robert Gamble
Respected Contributor

‎03-14-2002 01:01 PM

‎03-14-2002 01:01 PM

Re: Having operators log directly into restricted SAM

You many want to write a script that execute upon their login.

Inside the script, determine the IP from where they are connecting from using 'who -a' and use awk to get the seventh field. Then add the '0:0' to result and then declare that your $DISPLAY.

Good Luck!
0 Kudos
Reply
Eric Kaiser
Advisor

‎03-14-2002 01:05 PM

‎03-14-2002 01:05 PM

Re: Having operators log directly into restricted SAM

Rob,
Thanks, but I already do have a acript like that in place and again I think the problem is with my terminal software the operators use to login. Refrections X. Within Digital its fine, but any gui it cant interpet. Even with the echo DISPLAY back. Still stuck. :(
Thanks

Eric
0 Kudos
Reply
Holger Knoppik
Valued Contributor

‎03-14-2002 03:12 PM

‎03-14-2002 03:12 PM

Re: Having operators log directly into restricted SAM

Hi Eric!
Maybe you want to work with PPID of the users shell ? I tried to monitor user commands by "script", and checked the PPID. When you say "exit", just the script process dies, but by terminating the PPID, the user will be kicked off immediately. Damn, i cannot get the script right now, but i'll be back!
Hope this helps a bit
RGDS, Holger
Live long and prosper!
0 Kudos
Reply
Holger Knoppik
Valued Contributor

‎03-15-2002 02:39 AM

‎03-15-2002 02:39 AM

Re: Having operators log directly into restricted SAM

Hi again, Eric.
For the user's profile: change ownership: root:sys, the perms 444 are OK. In the profile add: /<script_you_want_to_be_executed>
In the script: The last line should be "kill -9 $PPID. I also ran into problems by using the graphical stuff, but i hope this helps a bit.
RGDS, Holger
Live long and prosper!
0 Kudos
Reply
Peter Kloetgen
Esteemed Contributor

‎03-15-2002 02:52 AM

‎03-15-2002 02:52 AM

Re: Having operators log directly into restricted SAM

Hi Eric,

you can simply use the normal login shell for your users, and take care that they have a file:

.shrc or .kshrc or .cshrc (depending on the used shell)

you have to edit this file:

put these two lines at the end of file:

/usr/bin/sam
exit

So if they stop their sam, they will be automatically kicked of after. I like these two lines!

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Eric Kaiser
Advisor

‎03-15-2002 12:48 PM

‎03-15-2002 12:48 PM

Re: Having operators log directly into restricted SAM

Guys, Thanks for the info, but I think my problem might still be with the export of the display thru the terminal client. I have tried everything you guys said before with no avail. I guess I will keep poking away at it...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.