HPE Community
Operating System - HP-UX
1826373 Members
4559 Online
109692 Solutions
New Discussion

Re: Locking User - Effect

 
SOLVED
Go to solution
joe_91
Super Advisor

‎10-19-2005 08:13 AM

‎10-19-2005 08:13 AM

Locking User - Effect

Team:

What would be the best way to lock a user and how?(both /etc/passwd and NIS) Also two more questions..

1. If the root su's to the locked user-id will it succeed?

2. will the locked users' cron job still run?

Thanks

Joe.
0 Kudos
Reply
11 REPLIES 11
Mel Burslan
Honored Contributor

‎10-19-2005 08:26 AM

‎10-19-2005 08:26 AM

Re: Locking User - Effect

to lock a user

on a trusted system
/usr/lbin/modprpw -m alock=YES username

on an untrusted system
passwd -l username

1. yes, root will be able to su to a locked out account

2. no, a locked out user's cron jobs will not run
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Ranjith_5
Honored Contributor

‎10-19-2005 08:35 AM

‎10-19-2005 08:35 AM

Re: Locking User - Effect

Hi Joe,

On a trusted system, to lock a user ID, issue the command
----------------------------------------------------------------

#/usr/lbin/modprpw -m alock=YES
======================================================

To unlock the user ID which is locked.
------------------------------------------

#/usr/lbin/modprpw -k


su can be done by root eventhough the account is locked out OR password is expired.

cronjob wont run for those users whose account is locked.


Regards,
Syam
0 Kudos
Reply
Alan Meyer_4
Respected Contributor

‎10-19-2005 08:39 AM

‎10-19-2005 08:39 AM

Re: Locking User - Effect

I just ran some tests on this and a locked user's cron jobs will still run.
" I may not be certified, but I am certifiable... "
0 Kudos
Reply
Ranjith_5
Honored Contributor

‎10-19-2005 08:53 AM

‎10-19-2005 08:53 AM

Re: Locking User - Effect

Alan,

are u sure on this? I havent seen this..can u confirm


Regards,
Syam
0 Kudos
Reply
Alan Meyer_4
Respected Contributor

‎10-19-2005 09:04 AM

‎10-19-2005 09:04 AM

Solution

Re: Locking User - Effect

I just reproduced it again. Both in a NIS and in a local environment. Think about, locking the uid just locks the password on the account. By that, it prevents access to the account from the outside.

root can still su to the account and run programs and own processes, so the account can still own and run processes, you just can't log in to it.

The crontab file for the account still exists so cron runs the jobs that exist in the crontab file. Cron does not know, or care if the password is active or not. It just cares that the uid is valid enough to own the process to run the job.
" I may not be certified, but I am certifiable... "
Reply
joe_91
Super Advisor

‎10-19-2005 09:13 AM

‎10-19-2005 09:13 AM

Re: Locking User - Effect

wonderful..so the root can su and the cronjobs will run..to summarize..

Thanks

Joe.
0 Kudos
Reply
Alan Meyer_4
Respected Contributor

‎10-19-2005 09:14 AM

‎10-19-2005 09:14 AM

Re: Locking User - Effect

That's what my tests have shown.

" I may not be certified, but I am certifiable... "
Reply
Ranjith_5
Honored Contributor

‎10-19-2005 01:50 PM

‎10-19-2005 01:50 PM

Re: Locking User - Effect

Good finding...Joe kindly assign assign points to Alan.


Regards,
Syam
0 Kudos
Reply
joe_91
Super Advisor

‎10-19-2005 11:15 PM

‎10-19-2005 11:15 PM

Re: Locking User - Effect

Thanks folks. yeah good finding..

Joe

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎10-20-2005 01:35 AM

‎10-20-2005 01:35 AM

Re: Locking User - Effect

The reason that cron still runs on a locked user account is that cron does not login. It runs the jobs on behalf of the owner but does not login. That's why there is a minimal environemnt (no profiles are run unles part of the actual job).


Bill Hassell, sysadmin
Reply
joe_91
Super Advisor

‎10-20-2005 02:00 AM

‎10-20-2005 02:00 AM

Re: Locking User - Effect

Thanks Bill..

Joe
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.