HPE Community
Operating System - HP-UX
1832181 Members
2753 Online
110038 Solutions
New Discussion

restricting access

 
SOLVED
Go to solution
trystan macdonald
Occasional Advisor

‎02-07-2003 04:14 AM

‎02-07-2003 04:14 AM

restricting access

Hi,
Does anyone now how to quickly restrict login access to root and informix users without deleting other accounts on the system.
Thanks,
Trystan.
0 Kudos
Reply
4 REPLIES 4
Pete Randall
Outstanding Contributor

‎02-07-2003 04:21 AM

‎02-07-2003 04:21 AM

Re: restricting access

Trystan,

Well, there's the nologin feature of /etc/default/security, but that keeps everyone but root out. For more granularity, you would need to have a global login script (like /etc/profile) and do some sort of checking in there, like for the presence of a file called /etc/justrootandinformix, and do an exit for everyone else.

Pete

Pete
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎02-07-2003 04:23 AM

‎02-07-2003 04:23 AM

Re: restricting access

Hi Trystan,

root login only on console and su -

#echo console >> /etc/securetty

informix,
take a look at next link,
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x59d7cdec06f1d61190050090279cd0f9,00.html

Robert-Jan.
0 Kudos
Reply
Thierry Poels_1
Honored Contributor

‎02-07-2003 04:25 AM

‎02-07-2003 04:25 AM

Solution

Re: restricting access

Hi,

- vipw and add comment sign (or anything else) to username or password for non-administrative users. Remove this later to allow access again.

- edit /etc/profile: check on loginname and exit if different from root,informix,...

- ...

Stay logged in on one terminal, and test login. Don't lock yourself out.

good luck,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Reply
Steven E. Protter
Exalted Contributor

‎02-07-2003 06:11 AM

‎02-07-2003 06:11 AM

Re: restricting access

Just a little note. Any user id below 100 is for the system. Don't mess with those. If you delete them your system could have a major malfuncion. Don't change their entries in /etc/profile because they need the priviledges they have.

You can set up a file called /var/adm/inetd.sec

This can let you fine tune who can access the system by what protocol and where.

If this is a security issue, you might find the Bastille security hardeninig utility of use. I've included a link.

https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6849AA&date=

P
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.