HPE Community
Operating System - HP-UX
1832858 Members
2567 Online
110048 Solutions
New Discussion

Re: Questions on stoping user from logging in

 
SOLVED
Go to solution
Mike_305
Super Advisor

‎09-30-2004 09:28 AM

‎09-30-2004 09:28 AM

Questions on stoping user from logging in

Hi,

I have 1200 user on my rp7410 system and does any one has any idea on how can I stop this users from logging in to the system.

I only want root to have access during the maintenance time.

Thanks,

Mike
If there is problem then don't think as problem, think as opportunity.
0 Kudos
16 REPLIES 16
Michael Tully
Honored Contributor

‎09-30-2004 09:34 AM

‎09-30-2004 09:34 AM

Re: Questions on stoping user from logging in

A real simple solution. Make a copy the /etc/passwd file and remove all lines except for the users you want to login. When your finished your maintenance, move the copy back.
Anyone for a Mutiny ?
0 Kudos
Sundar_7
Honored Contributor

‎09-30-2004 09:36 AM

‎09-30-2004 09:36 AM

Solution

Re: Questions on stoping user from logging in

Sure, there is a much better and supported way of doing it :-)

What is the OS version ? 11.0 or 11i ?

# vi /etc/default/security
NOLOGIN=1
#

# touch /etc/nologin

Now only root will be able to logon to the system.

If 11.0, you need to install a patch that enables login framework to use /etc/default/security file.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Victor BERRIDGE
Honored Contributor

‎09-30-2004 09:37 AM

‎09-30-2004 09:37 AM

Re: Questions on stoping user from logging in

Or change permission on /home (that is if you users are here) to read only (remove the execute)
...

All the best
Victor
(Yep I just finished a bottle of wine.and I know I should go to bed...)
0 Kudos
Rick Garland
Honored Contributor

‎09-30-2004 09:38 AM

‎09-30-2004 09:38 AM

Re: Questions on stoping user from logging in

You can use /etc/security and input nologin. If the /etc/nologin file exists this will take effect. This is a new feature in 11.11

For earlier versions modify the /etc/profile to do checks of the user and of the existence of a /etc/nologin file. If the /etc/nologin file exists and user is not root then exit.

0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎09-30-2004 09:41 AM

‎09-30-2004 09:41 AM

Re: Questions on stoping user from logging in

Creat a file "/etc/nologin" owned by root

echo "" > /etc/nologin

Next, add this entry to /etc/default/security:
NOLOGIN=1

Now only root will be allowed to login; other users will be denied access and a message explaining why will be issued.

To revert to normal behavior, set NOLOGIN=0.

If it ain't broke, I can fix that.
0 Kudos
Mike_305
Super Advisor

‎09-30-2004 10:01 AM

‎09-30-2004 10:01 AM

Re: Questions on stoping user from logging in

Hi,

Running 11i â installed from June 2004 O.S cd.

Last time I did this by removing the entry in password file and when the restore was done all my permission on files and directory were messed up.

I like Clay and Sundar's idea better. Just one question, does it do any thing with password file?

Also while I was writing the reply and all happy I check the system and there is security file in /etc/default

# pwd
/etc/default
# ll sec*
sec* not found
#


Thanks,

M
If there is problem then don't think as problem, think as opportunity.
0 Kudos
Mike_305
Super Advisor

‎09-30-2004 10:12 AM

‎09-30-2004 10:12 AM

Re: Questions on stoping user from logging in

Hi,

forgot to ask is can I just create the file call "NOLOGIN" under /etc and also create the directory called "security" in /etc/default.

Also, befor someone thinks that it's a patch issue, just to let you know I have the PHCO_27694 - s700_800 11.11 login(1) cumulative patch.

Thanks,

Mike
If there is problem then don't think as problem, think as opportunity.
0 Kudos
Sundar_7
Honored Contributor

‎09-30-2004 10:13 AM

‎09-30-2004 10:13 AM

Re: Questions on stoping user from logging in

Mike,

It does nothing to the /etc/passwd file and if the file is not present, you will have to create one.

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Sundar_7
Honored Contributor

‎09-30-2004 10:14 AM

‎09-30-2004 10:14 AM

Re: Questions on stoping user from logging in

file name should be /etc/nologin (in lowercase letters).

/etc/default/security is a file and not a directory

# echo "NOLOGIN=1" >> /etc/default/security
# touch /etc/nologin

You are good to go.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Mike_305
Super Advisor

‎09-30-2004 10:34 AM

‎09-30-2004 10:34 AM

Re: Questions on stoping user from logging in

Thanks Guys for quick reply.

What I will do without ITRC.

Thanks,

Mike
If there is problem then don't think as problem, think as opportunity.
0 Kudos
Victor BERRIDGE
Honored Contributor

‎09-30-2004 10:35 AM

‎09-30-2004 10:35 AM

Re: Questions on stoping user from logging in

Hi Mike,
About the security file:
http://docs.hp.com/hpux/onlinedocs/B3920-90091/B3920-90091.html

My previous mail was a joke...
I did this a long time ago (7 years ago) when I di a silly chmod 644 . forgot the reason now
And went off for lunch when I came back I had loads ofcomplaints of people that coulndt login.. I didnt see why since I could...
Teh reason: they were in /users and I in /home.
. was ./users
...


All the best
Victor
0 Kudos
Mike_305
Super Advisor

‎09-30-2004 10:47 AM

‎09-30-2004 10:47 AM

Re: Questions on stoping user from logging in

Hi Guys,

I try to change following message by putting contant in /etc/nologin file like.

"NO LOGIN ALLOWED" but it still display the following message.

Only superusers are allowed to login at this time due to the presence
of the file /etc/nologin and NOLOGIN option set in /etc/default/security
Logins not allowed at this time

How do I change the message?

Thanks,

Mike
If there is problem then don't think as problem, think as opportunity.
0 Kudos
Sundar_7
Honored Contributor

‎09-30-2004 11:02 AM

‎09-30-2004 11:02 AM

Re: Questions on stoping user from logging in

I dont believe you can change this message, Mike. Not that I am aware of.

Why not change the /etc/issue file and include the note?

1) Make sure telnetd has -b /etc/issue option defined in /etc/inetd.conf

# grep telnetd /etc/inetd.conf

2) echo "NO LOGINS ALLOWED DUE TO SYSTEM MAINTENANCE" >> /etc/issue

Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Francis_12
Trusted Contributor

‎09-30-2004 11:03 AM

‎09-30-2004 11:03 AM

Re: Questions on stoping user from logging in

Hello Mike,

That's not possible, see here why :

# uname -r
B.11.11
# whereis login
login: /usr/bin/login /usr/share/man/man1.Z/login.1
# cd /usr/bin
# strings login | grep -i superuser
Only superusers are allowed to login at this time due to the presence

The message is hardcoded in the binary.

Hope this helps, Bye.

Francis.
0 Kudos
Mike_305
Super Advisor

‎09-30-2004 11:16 AM

‎09-30-2004 11:16 AM

Re: Questions on stoping user from logging in

Hi Francis,

I guess you are right but please look at this HP doc and it shows how to change the message.

Document id: KBRC00005800

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062907697

No wonder the the doc info was not working when I try.

Thanks guys.

Mike
If there is problem then don't think as problem, think as opportunity.
0 Kudos
Mike_305
Super Advisor

‎09-30-2004 11:21 AM

‎09-30-2004 11:21 AM

Re: Questions on stoping user from logging in

Francis was right. Can't change the message.

Thanks Guys.

Mike
If there is problem then don't think as problem, think as opportunity.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.