HPE Community
Operating System - HP-UX
1833758 Members
2823 Online
110063 Solutions
New Discussion

Preventing groups of users from logging in

 
Matt Rieman
Contributor

‎12-02-2002 08:11 AM

‎12-02-2002 08:11 AM

Preventing groups of users from logging in

Hi,

What's the easiest way to prevent groups of users from logging into an HP-UX 10.20 system?

Thanks,

Matt Rieman
0 Kudos
Reply
7 REPLIES 7
Pete Randall
Outstanding Contributor

‎12-02-2002 08:15 AM

‎12-02-2002 08:15 AM

Re: Preventing groups of users from logging in

Matt,

Here's a link which talks about the "nologin" feature. That may be of some help. The only other thing I can think of is to trap them in /etc/profile and throw them out there.

Pete

Pete
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎12-02-2002 08:19 AM

‎12-02-2002 08:19 AM

Re: Preventing groups of users from logging in

Matt,

In particular, the link provided by U.SivaKumar shows an example of preventing user login via a script.

Pete

Pete
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎12-02-2002 08:20 AM

‎12-02-2002 08:20 AM

Re: Preventing groups of users from logging in

Hi Matt


you can add the following in the /etc/profile which will throw a specific group of people out :

groupid=`groups | awk '{print $1}'`

echo $groupid
if [ $groupid = oracle ]
then
exit
fi

Manoj Srivastava
0 Kudos
Reply
Tomek Gryszkiewicz
Trusted Contributor

‎12-02-2002 08:39 AM

‎12-02-2002 08:39 AM

Re: Preventing groups of users from logging in

You can also change the shell of a specified users to eg. "/usr/bin/false"

Regards,
Tomek
0 Kudos
Reply
Matt Rieman
Contributor

‎12-02-2002 08:47 AM

‎12-02-2002 08:47 AM

Re: Preventing groups of users from logging in

Pete,

How do I find the link provided by U.Sivakumar?

Matt
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎12-02-2002 08:51 AM

‎12-02-2002 08:51 AM

Re: Preventing groups of users from logging in

Matt:

I'm very sorry, I thought I pasted the link. Anyway, here's the first link:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xb0d2a848deccd61190050090279cd0f9,00.html

and the particular one:

http://www.interex.org/pubcontent/enterprise/jul01/09uxqa.html

Pete

Pete
0 Kudos
Reply
Wodisch
Honored Contributor

‎12-02-2002 09:54 AM

‎12-02-2002 09:54 AM

Re: Preventing groups of users from logging in

Hi Matt,

be careful to NOT forget the graphical logins, ie.e. CDE/XDM!
So for TELNET/SSH/RLOGIN/REMSH/XDM logins to be restricted you'll have to modify e.g. "/etc/profile" (for the first four of them, but only in the case they use "ksh" or "sh" or "bash", but NOT "csh"), and for the latter it would be "/etc/dt/config/Xstartup":
- check for the restrictiions you want, like number of existing logins: n=$(who -u|grep "^$LOGNAME "|wc -l)
- then use the exit code to restirct: if [ $n -gt 5 ]; then exit 1; fi

HTH,
Wodisch
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.