HPE Community
Operating System - HP-UX
1846246 Members
5570 Online
110255 Solutions
New Discussion

Re: Restricted login

 
SOLVED
Go to solution
Marcelo De Florio
Frequent Advisor

‎08-23-2000 10:08 AM

‎08-23-2000 10:08 AM

Restricted login

How can I restrict the login for users to one device (eg: console) ?

MDF
0 Kudos
Reply
6 REPLIES 6
Antoanetta Naghiu
Esteemed Contributor

‎08-23-2000 10:11 AM

‎08-23-2000 10:11 AM

Re: Restricted login

Edit /etc/securetty.
"Only root can successfully login on the ttys listed in this file" - qoutes from man login.
So, have /etc/securetty as
console
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎08-23-2000 10:23 AM

‎08-23-2000 10:23 AM

Re: Restricted login

Hi:

Assuming that the user(s) in question always looged on from a static name device (most notably 'console') then you could always exit in their .profile.

...JRF...
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎08-23-2000 11:12 AM

‎08-23-2000 11:12 AM

Solution

Re: Restricted login

Since there are many ways to login (telnet, terminal, console, modem, rlogin), there may be several answers. The easiest for 'normal' UNIX logins (terminals, modems, telnet) is to edit /etc/profile. (.profile can be edited or removed by users) In /etc/profile, you would write a test to look for the user's login name in a file and compare that user with the allowed terminal. You can read the user's login in /etc/profile with the whoami command and the terminal name with the tty command.


Bill Hassell, sysadmin
Reply
Antoanetta Naghiu
Esteemed Contributor

‎08-23-2000 12:01 PM

‎08-23-2000 12:01 PM

Re: Restricted login

.profile is under user ownership. Can be modified by the owner anytime.
0 Kudos
Reply
Antoanetta Naghiu
Esteemed Contributor

‎08-23-2000 12:08 PM

‎08-23-2000 12:08 PM

Re: Restricted login

And, sorry for the /etc/securetty, I did not read care fully the question.
If your concern is about a group of users, and the environment permited, you can play with different run levels. (define diferent entry in inittab file).
0 Kudos
Reply
Duane Gorder
Advisor

‎08-23-2000 12:16 PM

‎08-23-2000 12:16 PM

Re: Restricted login

The user does not have to own his .profile. Even if it is owned by root and it does not have write permissions for the user, it will work as long as it has read and execute permissions either for a group that the user belongs to or for the world.
Live each season as it passes; breathe the air,
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.