HPE Community
Operating System - HP-UX
1838646 Members
2410 Online
110128 Solutions
New Discussion

How to disable direct login access to some users on HP-UX 11i v2

 
SOLVED
Go to solution
GSK_2
Advisor

‎07-24-2006 06:33 PM

‎07-24-2006 06:33 PM

How to disable direct login access to some users on HP-UX 11i v2

Hi Guys,

How to disable direct login access to some users on HP-UX 11i v2? Is there any file in which the user entries can be added?
0 Kudos
Reply
6 REPLIES 6
Rajeev Shukla
Honored Contributor

‎07-24-2006 06:45 PM

‎07-24-2006 06:45 PM

Re: How to disable direct login access to some users on HP-UX 11i v2

You can deny users to login from a particular IP address or range using inetd.sec file.
You can not restrict telnet using userid but yes you can restrict ftp
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎07-24-2006 07:10 PM

‎07-24-2006 07:10 PM

Re: How to disable direct login access to some users on HP-UX 11i v2

Hi,

you can give them /usr/bin/false as login shell or disable the password; scripting in /etc/profile is another way.
The method depends on what these users are allowed to do.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
wip
Frequent Advisor

‎07-24-2006 07:34 PM

‎07-24-2006 07:34 PM

Re: How to disable direct login access to some users on HP-UX 11i v2

either of the following

1. make user shell to /dev/false
2. Put an "exit" in users .profile
3. Deactivate the account

-wip
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎07-24-2006 07:52 PM

‎07-24-2006 07:52 PM

Re: How to disable direct login access to some users on HP-UX 11i v2

Shalom,

Take away their user accounts.

You will need a strict office policy that prevents user id sharing.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
GSK_2
Advisor

‎07-24-2006 09:42 PM

‎07-24-2006 09:42 PM

Re: How to disable direct login access to some users on HP-UX 11i v2

Hello Guys,

We have an application which runs through appl user But the support guys have to login with their user id's(unique) and then su to that appl user and have to do the support work. We have to restrict direct user access to appl user only. By changing the user shell to /usr/bin/false i am unable to su to that appl user (infact it is logging in and logging out at the same time).

Regards,
Satish
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎07-24-2006 10:06 PM

‎07-24-2006 10:06 PM

Solution

Re: How to disable direct login access to some users on HP-UX 11i v2

Hi,

for the application login I suggest to setup that id with an invalid password entry but create ssh-keys for these users and put them to
~applusr/.ssh/authorized_keys

So they will be able to switch to that user via ssh only without the need of a password but a normal login to that userid will not be possible:
ssh appluser@hostname

Next I would change the loginshell of that appluser (preferred) to the application program or do some scripting in ~/.profile so that there is a direct start of the application at login time.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.