HPE Community
Operating System - HP-UX
1837835 Members
2436 Online
110121 Solutions
New Discussion

Re: How to lock out users (except root) during maintenance

 
Scott Hanks
New Member

‎05-05-2000 08:46 AM

‎05-05-2000 08:46 AM

How to lock out users (except root) during maintenance

What is the best way to prevent users *except* root from logging into my system during system maintenance periods?

I'm running HPUX 11.0 on a K460, with about 600 users. The only way I can come up with is to make a copy of the /etc/passwd file and remove all users except those I want to allow access and put that in place during maintenance periods. Are there other ways of doing this?
0 Kudos
Reply
6 REPLIES 6
Javier Juarez
Frequent Advisor

‎05-05-2000 09:32 AM

‎05-05-2000 09:32 AM

Re: How to lock out users (except root) during maintenance

there are two ways to do so,
One,
If you're in multiuser mode, go to maintaince mode with command shutdown
then users can't login, except root off course.

Two

From mutliuser mode make a copy of /etc/profile y named /etc/profile.old ( can be any name)
edit /etc/profile and insert the next paragraph at begining, just after the line " trap " " 1 2 3 "

.
.
.
trap " " 1 2 3
if [ "$LOGNAME" != "root" ]
then
exit
fi


Save the file with other name , eg. /etc/profile.block

Then copy file /etc/profile.blok to /etc/profile, you don't need change the level running , after this, only root can login,once that you finish your job as root, make copy from /etc/profile.old to /etc/profile to the users can login.

I'd prefer the option two.

Greetings




.
.
.


0 Kudos
Reply
Alan Riggs
Honored Contributor

‎05-05-2000 12:20 PM

‎05-05-2000 12:20 PM

Re: How to lock out users (except root) during maintenance

If you are performing maintenance at the console you can also shut down inetd or take the network card to a down state. If you want to allow some network communication but not telnet, rlogin, etc. you can simply comment those daemons out of /etc/services and refresh the inetd.

Be careful, though. If you are connecting remotely make sure you turn inetd back on before breaking your connection.
0 Kudos
Reply
Erkan Durmus
Advisor

‎05-09-2000 06:28 AM

‎05-09-2000 06:28 AM

Re: How to lock out users (except root) during maintenance

In /etc/profile put a line to control a file. If that file exists then control user or a special group of the user and if group is not the case you wanted to be, then exit.
For example in /etc/profile put these lines:
-----
if test -f /nologin
then
if [ $LOGNAME != "root" ]
then
exit
fi
fi
-----
When you want to do a maintanance then put an empty file to "/" named as "nologin". After this, nobody could login.
To accept logins remove that "nologin" named file.
Also if you want to make only some users to login to system(not only root), instead of checking user check group of the user. To do this create a group and add users to allow to login in that group. And add these lines to /etc/profile file:

if test -f /nologin
then
for ttx in `groups $LOGNAME`
do
if [ "$ttx" = "group_name" ]
then
LOGINCHK="OK"
fi
done
if [ $LOGINCHK != "OK" ]
then
exit
fi
fi
Unix is always UNIX
0 Kudos
Reply
Erkan Durmus
Advisor

‎05-09-2000 06:29 AM

‎05-09-2000 06:29 AM

Re: How to lock out users (except root) during maintenance

In /etc/profile put a line to control a file. If that file exists then control user or a special group of the user and if group is not the case you wanted to be, then exit.
For example in /etc/profile put these lines:
-----
if test -f /nologin
then
if [ $LOGNAME != "root" ]
then
exit
fi
fi
-----
When you want to do a maintanance then put an empty file to "/" named as "nologin". After this, nobody could login.
To accept logins remove that "nologin" named file.
Also if you want to make only some users to login to system(not only root), instead of checking user check group of the user. To do this create a group and add users to allow to login in that group. And add these lines to /etc/profile file:

if test -f /nologin
then
for ttx in `groups $LOGNAME`
do
if [ "$ttx" = "group_name" ]
then
LOGINCHK="OK"
fi
done
if [ $LOGINCHK != "OK" ]
then
exit
fi
fi
Unix is always UNIX
0 Kudos
Reply
Erkan Durmus
Advisor

‎05-09-2000 06:29 AM

‎05-09-2000 06:29 AM

Re: How to lock out users (except root) during maintenance

In /etc/profile put a line to control a file. If that file exists then control user or a special group of the user and if group is not the case you wanted to be, then exit.
For example in /etc/profile put these lines:
-----
if test -f /nologin
then
if [ $LOGNAME != "root" ]
then
exit
fi
fi
-----
When you want to do a maintanance then put an empty file to "/" named as "nologin". After this, nobody could login.
To accept logins remove that "nologin" named file.
Also if you want to make only some users to login to system(not only root), instead of checking user check group of the user. To do this create a group and add users to allow to login in that group. And add these lines to /etc/profile file:

if test -f /nologin
then
for ttx in `groups $LOGNAME`
do
if [ "$ttx" = "group_name" ]
then
LOGINCHK="OK"
fi
done
if [ $LOGINCHK != "OK" ]
then
exit
fi
fi
Unix is always UNIX
0 Kudos
Reply
Kannikar
New Member

‎07-06-2000 10:46 PM

‎07-06-2000 10:46 PM

Re: How to lock out users (except root) during maintenance

You can add in /etc/profile and touch a new file named /etc/nologin for anyone excepted root can't login to the system by adding in /etc/profile by the following
udi=' id-u '
if [ -f /etc/nologin -a $uid -ne 0 ]; then
echo " Sorry,no login allowed, try later ! "
sleep 5
exit 0
fi
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.