Operating System - HP-UX

Re: restricted user account

 
Elena Leontieva
Esteemed Contributor

restricted user account

Hi,

Can I create a user account that could not start telnet or X Windows sessions?

Thanks in advance.
Elena.
Mark Grant
Honored Contributor
Solution

Re: restricted user account

Maybe you could start the user with a restricted shell (rsh on HP-UX) and modify the user's PATH so they couldn't access the commands. Can't remember if a restricted shell stops you setting a new PATH but you could probably set it as a read-only variable with "typeset -r".

Not sure if this is good enough though.
Never precede any demonstration with anything more predictive than "watch this"
Brian Bergstrand
Honored Contributor

Re: restricted user account

I take it you don't want them logging in then. Or do you want ssh/console only? If you want a no-login account, just make sure a * is in the password field of /etc/passwd. No login allowed, but you can still run processes as the user.

HTH.
Andrew Cowan
Honored Contributor

Re: restricted user account

Hi Elena,

You can start a user in a chroot jail and then they can only execute specific commands.

The other is with ACLs but this depends on what type of filesystem you are using.

Good luck,
Andrew
Sridhar Bhaskarla
Honored Contributor

Re: restricted user account

Hi Elena,

You could modify /etc/profile|csh.login and Xstartup files to disallow the user from telnet or Xwindows.

However, /etc/profile|csh.login is not a 100% shield. I would go with Brian's suggestion to create a user with a disabled password. Install sudo and give rights to the users that need to 'su' to this account and start up the processes.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Glen Trevino
Advisor

Re: restricted user account

One of the things I do for automated ftp accounts is to set their login shells in the passwd file to /sbin/false so they cannot start a shell via telnet, rsh, ssh, etc. But I don't think this will stop an X Windows login. If you set the password field to '*', that will disallow logins altogether.

What is this user account for?
Elena Leontieva
Esteemed Contributor

Re: restricted user account

Hi,

They want to have an account for printing only (no telnet or X Windows sessions). The problem is that a print request from HP passes through multiple machines. Currently the only way to separate the different print jobs for accounting purposes (billing the clients) is the user account (login name on HP system). Operators who do the printing for, say, two clients have the same login names on two HP systems running these two applications. So because the user login name is the only information passed to the billing program, it cannot distinguish between two clients and charge them correctly.

Thank you for the responses.
Elena.
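
An added example, not posted by anyone in this thread: a small audit that classifies passwd-format entries by the controls suggested in the replies above ('*' in the password field, /sbin/false as the login shell, a restricted shell). The account names and hash strings are constructed sample data, the restricted shell is assumed to be any shell path ending in /rsh, and the password field is assumed to live in /etc/passwd itself.

```shell
#!/bin/sh
# Classify passwd(4)-format lines read from stdin; prints "user:status".
classify_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 7 { print $1 ":malformed"; next }
        {
            pw = $2; shell = $7
            if (pw == "*")                    s = "no-login"         # password can never match
            else if (pw == "")                s = "empty-password"   # flag before looking at the shell
            else if (shell == "/sbin/false")  s = "no-shell"         # no telnet/rsh/ssh shell
            else if (shell ~ /\/rsh$/)        s = "restricted-shell" # assumed restricted-shell path
            else                              s = "interactive"
            print $1 ":" s
        }
    '
}

# Constructed sample entries (hypothetical accounts, placeholder hashes).
sample_passwd() {
    cat <<'EOF'
# constructed sample, not from a real system
printacct:*:201:20:print accounting only:/home/printacct:/usr/bin/sh
ftpauto:HASHPLACEHOLDER1:202:20:automated ftp:/home/ftpauto:/sbin/false
kiosk:HASHPLACEHOLDER2:203:20:restricted user:/home/kiosk:/usr/bin/rsh
oper1:HASHPLACEHOLDER3:204:20:operator:/home/oper1:/usr/bin/sh
guest::205:20:guest:/home/guest:/usr/bin/sh
broken:x:206
EOF
}

# Report every sample account with the control that applies to it.
sample_passwd | classify_passwd
```

On a real host, feed it the file directly with `classify_passwd < /etc/passwd`; as noted in the thread, a "no-shell" result says nothing about X Windows logins.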