HPE Community
Operating System - HP-UX
1754845 Members
5328 Online
108826 Solutions
New Discussion юеВ

restrict inactive user accounts

 
unixadmin_1
Frequent Advisor

тАО01-06-2009 05:30 AM

тАО01-06-2009 05:30 AM

restrict inactive user accounts

Inactive user accounts were still present on the system. Eight hundred and two (37%) users had not logged on for 60 days, while 353 (13%) users had not logged on for 90 days. Inactive accounts are attractive targets that are often exploited to gain unauthorised access because the authorised users of such accounts are unlikely to notice someone breaking into and using them. Also, by using an existing account, the unauthorised user is less likely to draw the attention of the system administrator than if a new account is opened.
0 Kudos
18 REPLIES 18
Ganesan R
Honored Contributor

тАО01-06-2009 05:46 AM

тАО01-06-2009 05:46 AM

Re: restrict inactive user accounts

Hi,

You can deactivate the inactive accounts if the system is trusted.

Best wishes,

Ganesh.
0 Kudos
yulianto piyut
Valued Contributor

тАО01-06-2009 05:48 AM

тАО01-06-2009 05:48 AM

Re: restrict inactive user accounts

u can restrict by editing /etc/passwd file, edit the shell of user to /usr/bin/false or /bin/false. go to cissecurity to get manual book.
0 Kudos
Rita C Workman
Honored Contributor

тАО01-06-2009 09:02 AM

тАО01-06-2009 09:02 AM

Re: restrict inactive user accounts

Well you seem to know who these folks are....so why not output their login-ids to a file, then run them through a simple loop to lock those inactive accounts....

for a `cat /inactive-login_ids.lis`
do
/usr/bin/passwd -l $a
done

You can dress it up....but it gives you an idea.

Rgrds,
Rita
0 Kudos
change owners
New Member

тАО01-07-2009 12:31 AM

тАО01-07-2009 12:31 AM

Re: restrict inactive user accounts

as i am new to hpux, can you please send me complete code where i can restrict these passwords..Thank you
0 Kudos
prasadb
Super Advisor

тАО01-07-2009 02:59 AM

тАО01-07-2009 02:59 AM

Re: restrict inactive user accounts

hello unixadmin,

" for a `cat /inactive-login_ids.lis`
do
/usr/bin/passwd -l $a
done "

the point of Rita is only that if you already know the user accounts that are inactive for many days, make a list and then use

for a cat
do
/usr/bin/passwd -l $a
done

Best Regards,
prasad
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО01-07-2009 03:35 AM

тАО01-07-2009 03:35 AM

Re: restrict inactive user accounts

>prasadb: make a list and then use

A better form without evil cat would be:
for a in $(< list-you-created); do
/usr/bin/passwd -l $a
done
0 Kudos
unixadmin_1
Frequent Advisor

тАО01-19-2009 04:11 AM

тАО01-19-2009 04:11 AM

Re: restrict inactive user accounts

Please send me step by step process from the begining and please elaborate this issue ..I am beginer to unix environment..i got job as a fresher ...i couldnt understand one thing most of the answers i observed in HP forums are incomplete..if you dont mind please let me know how to execute this script and under what directory the code is executed..Please let me know the step by step process ...I just know how to login...and fes commands..thats it Thank you
0 Kudos
Peter Nikitka
Honored Contributor

тАО01-19-2009 06:50 AM

тАО01-19-2009 06:50 AM

Re: restrict inactive user accounts

Hi "unixadmin",

some thoughts to your question and answers:
Do you have a list of these user accounts?
If not: get it.

Which format does this list have?
Create a file named 'inactive.lis' out of this list, having one user account in one line, if the list has not already this format.

Now copy or type the three lines of Dennis' answer in the command line:
for a in $(do /usr/bin/passwd -l $a
done

mfG Peter

PS: Do you know how to create a file?
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Patrick Wallek
Honored Contributor

тАО01-19-2009 07:54 AM

тАО01-19-2009 07:54 AM

Re: restrict inactive user accounts

>>.I just know how to login

Then what are you doing in a System Administrator role? It sounds like you are extremely underqualified for the job.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.