kind of user
02-05-2001 06:29 AM
I have to create a table defining user policies. On HP-UX, what kind of user can I define? (I want to define, e.g., normal users that can do telnet, rcp, rlogin, and users that can do only ftp from other hosts.) Is it possible to define groups with different policies (such as under NT)?
02-05-2001 08:36 AM
Solution
It is not quite as easy to define groups of users as it is under NT. One way to do it is to give the user a restricted shell and set his/her PATH variable to a directory that only has the utilities you want him/her to run.
Allowing a user only remote ftp access is easier. In /etc/passwd, give this person a shell of /usr/bin/false. (This is the seventh or last field of the file.) This will prevent normal terminal based logins but will allow ftp logins.
If the above does not work, make sure /usr/bin/false is present in the /etc/shells file. (You will probably want to put /usr/bin/sh, /sbin/sh, /usr/bin/ksh, and /usr/bin/csh in this file, as well.) See the man page for shells and ftpd for more information.
--Bruce
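The rule in the answer above (the seventh /etc/passwd field decides terminal logins, and ftpd also wants that shell listed in /etc/shells) can be turned into a policy table with a short script. This is an added example, not part of the original post; the `NOLOGIN_SHELLS` list, the policy labels, the sample accounts and the `/usr/bin/sh` default for an empty shell field are assumptions, and no other access control is considered.

```shell
#!/bin/sh
# Added example (not from the thread): terminal/ftp policy per account.
# Assumption: shells that exit at once and so block terminal logins.
NOLOGIN_SHELLS="/usr/bin/false"
# classify_users PASSWD_FILE SHELLS_FILE -> prints "user shell policy" per account
classify_users() {
    awk -F: -v shells="$2" -v nologin="$NOLOGIN_SHELLS" '
    BEGIN {
        n = split(nologin, a, " ")
        for (i = 1; i <= n; i++) dead[a[i]] = 1
        # /etc/shells format: one path per line, "#" starts a comment.
        while ((getline line < shells) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            if (line != "") listed[line] = 1
        }
    }
    /^[+#-]/ || NF < 7 { next }   # skip NIS markers, comments, short lines
    {
        shell = ($7 == "") ? "/usr/bin/sh" : $7   # assumed default for an empty field
        term = !(shell in dead)       # a real shell allows telnet/rlogin
        ftp = (shell in listed)       # ftpd wants the shell listed in /etc/shells
        if (term && ftp)  policy = "terminal+ftp"
        else if (term)    policy = "terminal-only"
        else if (ftp)     policy = "ftp-only"
        else              policy = "no-access"
        print $1, shell, policy
    }' "$1"
}
# Constructed sample data, written to a private scratch directory.
demo() {
    d="${TMPDIR:-/tmp}/userpolicy.$$"
    (umask 077; mkdir "$d") || return 1
    cat > "$d/passwd" <<'EOF'
alice:x:101:20:normal user:/home/alice:/usr/bin/ksh
ftpbob:x:102:20:ftp only:/home/ftpbob:/usr/bin/false
carol:x:103:20:shell not listed:/home/carol:/usr/bin/csh
dave:x:104:20:empty shell field:/home/dave:
EOF
    cat > "$d/shells" <<'EOF'
# constructed /etc/shells
/usr/bin/sh
/usr/bin/ksh
/usr/bin/false
EOF
    classify_users "$d/passwd" "$d/shells"
    rm -rf "$d"
}
demo
```

Run against the real files with `classify_users /etc/passwd /etc/shells`; an account reported as `terminal-only` or `no-access` has a shell that is missing from the shells file.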
02-05-2001 11:34 PM
Re: kind of user
Just a thing about rsh.
It is not 100% safe. If you use an application which can change
directory and run a shell (which will be restricted), it is as if
you are in a normal shell.
Try this:
Log in as a user in an rsh
run vi
:cd /tmp (change directory under vi )
:sh (run a shell)
Bye
02-08-2001 01:07 AM
Re: kind of user
I am just thinking of another possibility: ACL (Access Control List).
This is an extension of Unix file permissions.
ACL permits you to put any permissions for any user on any file.
You just have to disallow rwx permission on the directory or file for the users to be restricted.
The problem is not to forget to disallow permission on new data, application filesets or disks you add to your system (physically or by NFS).
Bye
Gerard
02-08-2001 02:26 AM
Re: kind of user
If you wish specific groups of users to have access to specific commands, one feasible way would be to create a menu system of commands such as telnet using lynx or a script.
What is important to remember is that you should trap signals before and after running the menu system, i.e.
Before running: trap "" 1 2 3
After running: trap 1 2 3
Remember also to disable lynxexec so that the user cannot shell out from lynx itself.
You can modify your /etc/profile such that if a user belongs to GID XXX, then a group-specific menu system is run.
Hope this helps. Regards.
Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com