HPE Community
Operating System - HP-UX
1829962 Members
2173 Online
109998 Solutions
New Discussion

How can I prevent user to login directly to a generic account?

 
SOLVED
Go to solution
Joachim Weber_1
Advisor

‎05-10-2004 11:48 PM

‎05-10-2004 11:48 PM

How can I prevent user to login directly to a generic account?

Hi,

I'm trying to secure access to a non-root generic user. Users should only be able to su to this generic user from their user specific logins. A direct login should not be possible.

Maybe someone knows a solution.


Thanks in advance,

Joachim
0 Kudos
Reply
7 REPLIES 7
Cheryl Griffin
Honored Contributor

‎05-10-2004 11:50 PM

‎05-10-2004 11:50 PM

Solution

Re: How can I prevent user to login directly to a generic account?

See KBRC00003707 in the ITRC Knowledge Base.
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000067342908

Europe:
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000067342908
"Downtime is a Crime."
Reply
Robert-Jan Goossens
Honored Contributor

‎05-10-2004 11:56 PM

‎05-10-2004 11:56 PM

Re: How can I prevent user to login directly to a generic account?

Hi Joachim,

Check this thread.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=143659

HTH,
Robert-Jan
Reply
Sanjay Kumar Suri
Honored Contributor

‎05-10-2004 11:58 PM

‎05-10-2004 11:58 PM

Re: How can I prevent user to login directly to a generic account?

If you are using CDE you can add the following kind of code in /etc/dt/config/Xstartp file and save.

if [ "$USER" = "root" ]; then
if [ -f /etc/securetty ]; then
if [ "$DTXSERVERLOCATION" != "local" ]; then
grep -q console /etc/securetty
if [ `echo $?` -eq 0 ]; then
exit 1
fi
fi
fi
fi

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
0 Kudos
Reply
Joachim Weber_1
Advisor

‎05-11-2004 12:19 AM

‎05-11-2004 12:19 AM

Re: How can I prevent user to login directly to a generic account?

Hi,

Cheryl, that was so quick and the link really did it. Thanks very much!!

Robert-Jan, a bit more complicated but surely an option.

Sanjay, a good way to secure root.

Thanks to all of you for the quick response!!!!

Regards,

Joachim
0 Kudos
Reply
Mark Grant
Honored Contributor

‎05-11-2004 12:27 AM

‎05-11-2004 12:27 AM

Re: How can I prevent user to login directly to a generic account?

I was going to post this but thought it a bit silly. However, HP seem to suggest you do something silly too :)

How about this in the .profile, it's a bit shorter

[ $0 != "-su" ] && exit
Never preceed any demonstration with anything more predictive than "watch this"
Reply
Joachim Weber_1
Advisor

‎05-11-2004 01:09 AM

‎05-11-2004 01:09 AM

Re: How can I prevent user to login directly to a generic account?

Hi Mark,

That seems to be as short as it can get :)

Great idea!!!

Thanks,

Joachim
0 Kudos
Reply
Paul F. Carlson
Valued Contributor

‎05-13-2004 09:58 AM

‎05-13-2004 09:58 AM

Re: How can I prevent user to login directly to a generic account?

I'm a couple days late on a reponse here, but have you thought of using sudo?

Change the password on the account to an unknown value to the user, then require them to use sudo to su to that account.
Link down -- cable problem?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.