Operating System - HP-UX

Rick Garland
Honored Contributor

limit logins to members of a specific group

Hi all:

HPUX 11.00 on L2000 hardware.

I seem to be an early case for dementia...

How can I limit logins to a system by group membership? Only those users that are a member of the sysadmin group can log in; everybody else is prevented from logging in to the system.

Many thanks!
5 REPLIES 5
John Poff
Honored Contributor

Re: limit logins to members of a specific group

Hi,

One way to do it might be to put some code in /etc/profile to check the valid group and exit otherwise.

JP
Michael Tully
Honored Contributor

Re: limit logins to members of a specific group

As far as I know you can't without doing some hacking. As suggested by SEP you could do a test from within /etc/profile to check the group at the login stage, or just create a secondary /etc/passwd file with only those entries with the actual group involved.
BTW: I didn't know you suffered from dementia ... ;^) (Must be that rocky mountain air)
Anyone for a Mutiny ?
Michael Tully
Honored Contributor

Re: limit logins to members of a specific group

Hi Rick,

I had a look around and couldn't find an exact example of allowing just certain groups, but the below posting has some on actual users and multiple users.

http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x431472106351d5118fef0090279cd0f9%2C00.html&admit=716493758+1069192693577+28353475

Cheers
Michael
Anyone for a Mutiny ?
Steven E. Protter
Exalted Contributor

Re: limit logins to members of a specific group

I'm reading Michael's first post. It seems familiar, but I can't remember being on this topic.

Anyway, I looked at the who command; it provides nothing.

Here is how I'd do the hack.

I'd use awk -F to get the group number from the /etc/passwd file. I think it's the fourth field, $4.

Put it in a variable.

Then decision making based on what I get back.

if [ "$GROUP" -eq 200 ]; then
    echo "You are not authorized for log in."
    echo "You have been a very naughty user."
    exit 1
fi

I'll work on the awk command and if I get it, I'll post it up.

SEP



Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: limit logins to members of a specific group

Here is the hack.

It assumes $LOGNAME variable is set.

tfile=/tmp/$$.dat

# Anchor the match to the login-name field so "rick" does not also match "patrick"
grep "^$LOGNAME:" /etc/passwd > $tfile
# -F: sets the field separator before the first record is read
for grp in `awk -F: '{ print $4 }' $tfile`
do
# $user=`awk '{ FS=","; print $1 }' $userstring`
# passwd -r file -n $MINDAYS -x $MAXDAYS $user
echo "$grp"
# passwd -f $user
# passwd -x 48 $user
# /usr/lbin/modprpw -l -k $user
# useradd -m $user
# echo "Command2: passwd -f $user "
done

rm $tfile

That gets you the group id, which was much harder than I thought it would be to get. This only gets the primary group though.

Combined with the last post, that's how I'd do it. I'm also quite glad I DON'T have to do such things. This one gave me a headache.

I'm going home now to watch my kids. I sense another headache coming on.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
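
The /etc/profile check discussed in this thread, written out as an added example (not code from any of the posters). It covers secondary group membership as well as the primary group. The function names and the PASSWD_FILE, GROUP_FILE and ALLOWED_GROUP variables are assumptions made for this sketch.

```shell
# Added example: group-based login gate meant to be sourced from /etc/profile.
# PASSWD_FILE, GROUP_FILE, ALLOWED_GROUP and the function names are assumptions.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}
ALLOWED_GROUP=${ALLOWED_GROUP:-sysadmin}

# in_group USER GROUPNAME -> status 0 if USER is a primary or secondary member
in_group() {
    user=$1 want=$2
    # GID of the wanted group: field 3 of the group file, exact name match
    gid=`awk -F: -v g="$want" '$1 == g { print $3; exit }' "$GROUP_FILE"`
    [ -n "$gid" ] || return 1      # unknown group: deny
    # Primary GID: field 4 of the passwd entry, exact login-name match
    pgid=`awk -F: -v u="$user" '$1 == u { print $4; exit }' "$PASSWD_FILE"`
    [ -n "$pgid" ] || return 1     # unknown user: deny
    [ "$pgid" = "$gid" ] && return 0
    # Secondary membership: comma-separated list in field 4 of the group file
    awk -F: -v g="$want" -v u="$user" '
        $1 == g { n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }' "$GROUP_FILE"
}

# login_gate USER -> status 0 if allowed, otherwise prints a notice and returns 1
login_gate() {
    if in_group "$1" "$ALLOWED_GROUP"; then return 0; fi
    echo "Logins are restricted to members of $ALLOWED_GROUP." >&2
    return 1
}

# Lines to place near the top of /etc/profile (commented out here so this
# block can be sourced and tested without ending the current shell):
#   trap '' 1 2 3      # ignore HUP/INT/QUIT so the check cannot be interrupted
#   login_gate "$LOGNAME" || exit 1
#   trap - 1 2 3
```

A gate in /etc/profile only applies to login shells that read that file, so csh users and non-interactive remote commands are not covered by it. Keep root in the allowed group before enabling it, or root logins will be refused as well.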