Operating System - HP-UX

Restrict non-root user login

David Lieberman_1
Frequent Advisor

Restrict non-root user login

I have two 11.00 trusted systems. I want to restrict a non-root account from CDE and telnet logins so that users must su to it to use the account. The account still needs a shell, so setting the account's shell to /sbin/false is not an appropriate solution.

Regards,
David Lieberman
Sanjay_6
Honored Contributor

Re: Restrict non-root user login

Hi David,

Try this link on how you can restrict a user from doing telnet. They can, however, su to the userid.

http://us-support2.external.hp.com/cki/bin/doc.pl/sid=e717c00a0d699871b1/screen=ckiDisplayDocument?docId=200000051899524

Hope this helps.

Regds
S.K. Chan
Honored Contributor

Re: Restrict non-root user login

In the case of CDE login restriction, perhaps you can try this.
Put an Xsession.d script in place to identify authorized users. Scripts in /etc/dt/config/Xsession.d will be sourced by CDE Xsession at login.

Example:
/etc/dt/config/Xsession.d/0001.restrict:

    case "$USER" in
        root|lpd|johnb)
            # authorized users: continue with the CDE session
            :
            ;;
        *)
            # everyone else: show an error dialog and stop the session
            # (double quotes so that $USER is expanded in the message)
            /usr/dt/bin/dterror.ds "Login to CDE denied for user: $USER\n" 'nologin'
            exit 1
            ;;
    esac

David Lieberman_1
Frequent Advisor

Re: Restrict non-root user login

Thanks Sanjay and S.K. Chan. Regarding the telnet issue, to prevent the user from changing its .profile, root must control it (not mentioned in the doc).
thebeatlesguru
Regular Advisor

Re: Restrict non-root user login

For Bourne and POSIX shells, add the following to /etc/profile:

    # unsupported statements to prevent users from login but allow su.
    name=`logname`
    # quote $name so the test does not break if logname prints nothing
    if [ "$name" = username ]
    then
        echo "$name not allowed to login...only su"
        exit
    fi
    # end

I added it to my /etc/profile, but it does work. What's wrong?
It is as follows:

    name=`logname`
    if [ $name = pin2 ]
    then
    echo " $name not allowed to login..only su"
    exit
    fi

hihi
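
The single-account logname test from /etc/profile above, generalized to a list of su-only accounts, as an added example that is not part of the original thread. The list path /etc/su_only_users and the function name is_su_only are assumptions made for illustration.

```sh
# Added example, meant to be sourced from /etc/profile.
# Assumption: the list path below is hypothetical, one account name per line.
SU_ONLY_LIST=${SU_ONLY_LIST:-/etc/su_only_users}

# is_su_only LOGIN_NAME [LISTFILE]
# Returns 0 when LOGIN_NAME is listed as su-only, 1 otherwise.
# LOGIN_NAME should be the output of logname: the name used at the original
# login, which su does not change, so a match means a direct login.
is_su_only() {
    _name=$1
    _list=${2:-$SU_ONLY_LIST}
    [ -n "$_name" ] || return 1   # logname failed or printed nothing
    [ -r "$_list" ] || return 1   # no list: restrict nobody rather than lock out everyone
    # First whitespace-separated field is the account; the rest is ignored.
    while read -r _entry _rest || [ -n "$_entry" ]; do
        case $_entry in
            ''|'#'*) continue ;;  # blank line or comment
        esac
        [ "$_entry" = "$_name" ] && return 0
    done < "$_list"
    return 1
}

# How it would be called from /etc/profile (left commented out here):
#   if is_su_only "`logname 2>/dev/null`"; then
#       echo "direct login not allowed for this account, use su"
#       exit 1
#   fi

# Constructed demo: sample list and three login names.
_demo=${TMPDIR:-/tmp}/su_only_demo.$$
printf '%s\n' '# su-only accounts (constructed sample)' 'pin2' 'oracle  # db owner' > "$_demo"
for _u in root pin2 oracle; do
    if is_su_only "$_u" "$_demo"; then
        echo "$_u: direct login denied, su only"
    else
        echo "$_u: direct login allowed"
    fi
done
rm -f "$_demo"
```

As with the snippet quoted in the thread, this only affects Bourne and POSIX shells, since those are the ones that read /etc/profile at login.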