HPE Community
Operating System - HP-UX
1820661 Members
2427 Online
109626 Solutions
New Discussion юеВ

Re: how can i limit some users only login in console

 
щГСхИЪ_1
Occasional Advisor

тАО12-21-2003 01:55 PM

тАО12-21-2003 01:55 PM

how can i limit some users only login in console

i want to limit some user only login in console and can su to them.
or maybe can deny these users direct login but can su to them
0 Kudos
Reply
12 REPLIES 12
Michael Tully
Honored Contributor

тАО12-21-2003 04:58 PM

тАО12-21-2003 04:58 PM

Re: how can i limit some users only login in console

You will need to place a restriction either in the /etc/profile file or the users account .profile ($HOME/.profile) below is an example posting which has some options you can use as a guide.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=274006
Anyone for a Mutiny ?
0 Kudos
Reply
Alan Turner
Regular Advisor

тАО12-21-2003 08:41 PM

тАО12-21-2003 08:41 PM

Re: how can i limit some users only login in console

You can stop them loggin in by defining their shell to be /usr/bin/false.

You could also use SAM to deactivate the user - this would prevent their being able to login, but would also disable their password, so if you wanted to su to the user, you would first have to gain root privilege.

0 Kudos
Reply
Bruno Ganino
Honored Contributor

тАО12-21-2003 09:37 PM

тАО12-21-2003 09:37 PM

Re: how can i limit some users only login in console

The file /etc/usertty specifies additional access restrictions for specific users.
(not applicable to login implementations that use PAM)
If this file does not exist, no additional access restrictions are imposed.
The file consists of a sequence of sections.
There are three possible section types: CLASSES, GROUPS and USERS.
I think that the USERS-SECTION can to be useful,.

See into your manual for explanations.

HTH
Bruno
Torino (Turin) +2H
0 Kudos
Reply
Abskhan
Occasional Advisor

тАО12-21-2003 10:17 PM

тАО12-21-2003 10:17 PM

Re: how can i limit some users only login in console

1]Put a check in the /etc/profile and find out from which IP and the userid the user is logging in and allow accrodingly.
2]if you want to deny direct console login then user /etc/securetty file.
3]Write a small script checking which users u want to allow to do su or use program like sudo which can be downloaded.
0 Kudos
Reply
щГСхИЪ_1
Occasional Advisor

тАО12-22-2003 12:11 PM

тАО12-22-2003 12:11 PM

Re: how can i limit some users only login in console

please give me more info for /etc/usertty
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО12-22-2003 12:54 PM

тАО12-22-2003 12:54 PM

Re: how can i limit some users only login in console

To limit all root logins to the real system console, just do this:

echo console > /etc/securetty

There are no other controls for console logins for other users.


Bill Hassell, sysadmin
0 Kudos
Reply
Varghese Mathew
Trusted Contributor

тАО12-22-2003 01:03 PM

тАО12-22-2003 01:03 PM

Re: how can i limit some users only login in console

hi,

If you could use the script it should look like this (it should be a portion in the ".profile" for each users' home directory)...

The users who needs to have access to the system using "su" should be specified in the file "/etc/root.allow"
----------------------------
user=`logname`;
sulog="/var/adm/sulog"
TTY="`tty | cut -d/ -f3`"

if [ ${user} = "root" ]
then

if [ ${TTY} != "console" ]
then
echo ":root login allowed only through console..."
exit
fi
else
grep ${user} /etc/root.allow > /dev/null 2>&1

if [ ${?} -ne 0 ]
then
echo " : ${user} is NOT ALLOWED TO LOGIN AS root"
date=`date "+%m/%d %H:%M"`
echo "ERR ${date} - ${TTY} ${user}-root" >> ${sulog}
exit
fi
fi
--------------------------------------------

Cheers!!!
Mathew.
Cheers !!!
0 Kudos
Reply
щГСхИЪ_1
Occasional Advisor

тАО12-22-2003 01:17 PM

тАО12-22-2003 01:17 PM

Re: how can i limit some users only login in console

thank you
I do it. edit the /etc/profile
and I want to know more about how to use
/etc/usertty
0 Kudos
Reply
Bruno Ganino
Honored Contributor

тАО12-22-2003 08:05 PM

тАО12-22-2003 08:05 PM

Re: how can i limit some users only login in console

Hi, ├й ├е
more info for usertty (man in attachment)

HTH
Torino (Turin) +2H
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО12-22-2003 11:58 PM

тАО12-22-2003 11:58 PM

Re: how can i limit some users only login in console

/etc/usertty is not documented in any HP-UX manuals and according to the man page attached in the previous message, it does not apply to logins authenticated by PAM. Starting with 11.00 and completed in 11.11, all authentication is accomplished through PAM modules. The above man page appears to be from another version of Unix. You'll have to use the /etc/profile method to control user access.


Bill Hassell, sysadmin
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

тАО12-23-2003 01:33 AM

тАО12-23-2003 01:33 AM

Re: how can i limit some users only login in console

Happy Birthday Bill!
"Downtime is a Crime."
0 Kudos
Reply
Bruno Ganino
Honored Contributor

тАО12-30-2003 10:49 PM

тАО12-30-2003 10:49 PM

Re: how can i limit some users only login in console

Do you solved your problem ?

If you want to assign points rad here
http://forums1.itrc.hp.com/service/forums/helptips.do?#28

Happy Holidays
Bruno
Torino (Turin) +2H
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.