HPE Community
Operating System - HP-UX
1833981 Members
1712 Online
110063 Solutions
New Discussion

Re: Restricting No Of Users

 
donne007
Regular Advisor

‎11-26-2002 06:12 PM

‎11-26-2002 06:12 PM

Restricting No Of Users

Hi,
I want to Restrict my Hp9000 Box to a specific No of People(ie 50 ) to Access. How do i Restrict the no of users without recfging the Kernel, , If it's possible how do i find the No of Users Logged in and Kill the Users-logins exceeding the Specific No.

Thanks In ADvance
Asif
0 Kudos
Reply
9 REPLIES 9
Michael Tully
Honored Contributor

‎11-26-2002 06:17 PM

‎11-26-2002 06:17 PM

Re: Restricting No Of Users

One of the best ways is actually limit the number of psuedo ttys that are available.

The kernel parameters for this are:

npty
nstrpty
nstrtel
These are for HPUX 11.
The default in the kernel is 60.
Anyone for a Mutiny ?
0 Kudos
Reply
Michael Tully
Honored Contributor

‎11-26-2002 06:39 PM

‎11-26-2002 06:39 PM

Re: Restricting No Of Users

There is another way to do this. You could generate a script that looks at the number of users on the system. When that number has been reached, a file is created. When the next user attempts to login, the /etc/profile will make reference to it and give a nice message to the user "System Usage at peak, try again later" terminating the session.
Anyone for a Mutiny ?
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎11-26-2002 06:51 PM

‎11-26-2002 06:51 PM

Re: Restricting No Of Users


I like Michaels method better - the script/.profile idea because it allows you to get creative and changes won't require a reboot - those kernel parameters will force a reboot.

Plus, with a script/.profile, you could "always" allow certain CRITAL users access to the system, or even a "GROUP" of users.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Niraj Kumar Verma
Trusted Contributor

‎11-26-2002 07:24 PM

‎11-26-2002 07:24 PM

Re: Restricting No Of Users

Hi,


hey if you want to restrict specific 50 login id's you can use the script below.

careate a list of 50 login Id's in /etc/Login_Allowed

# vi /etc/Login_Allowed

:root:
:user1:
:user2:

Put this script into your /etc/profile

===================================
#!/bin/sh

Access_List=/etc/Login_allowed
Login_Name=`/usr/bin/logname`


if [ -f /etc/Login_allowed ]
then

Allowed=`grep ":$(logname):" /etc/Login_allowed | awk -F":" '{print $2}'`


if [ "_$Login_Name" != "_$Allowed" ]
then
echo " You are not authorise !"
exit 0
else
echo " Login Sucessfull !!"
fi
fi


===================================

-Niraj
Niraj.Verma@philips.com
0 Kudos
Reply
Chris Wong
Trusted Contributor

‎11-26-2002 08:53 PM

‎11-26-2002 08:53 PM

Re: Restricting No Of Users

In addition, you can use the NUMBER_OF_LOGINS_ALLOWED parameter in the /etc/default/security file (man 4 security) to force no concurrent sessions. (root is exempt).

- Chris
0 Kudos
Reply
Thomas M. Williams_1
Frequent Advisor

‎12-02-2002 09:16 AM

‎12-02-2002 09:16 AM

Re: Restricting No Of Users

In regards to Chris' suggestion, how does "/etc/default/security" concurrent logins work? I do not have man page.
I Think the Clock is Slow ...
0 Kudos
Reply
Shannon Petry
Honored Contributor

‎12-02-2002 09:33 AM

‎12-02-2002 09:33 AM

Re: Restricting No Of Users

I believe that the concurrant logins is part of the HP secure system, and not standard.

Another easy way to accomplish this is by adding this line to /etc/profile
set -i
LOGGED_IN=`who | wc -l`
if [ ${LOGGED_IN} -gt 50 ] ; then
echo "System limit of 50 users reached. Contact System Adminstrator for help"
exit 0
fi

Regards,
Shannon
Microsoft. When do you want a virus today?
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-02-2002 10:05 AM

‎12-02-2002 10:05 AM

Re: Restricting No Of Users

The man page for security is missing for 11.0 and non-functional if you don't have the latest security patches. It does not require a Trusted system for every option to work (PASSWORD_HISTORY_DEPTH does require a Trusted system). The man page exists for 11.11 and can be viewed at docs.hp.com (search for /etc/default/security). The man pages at docs.hp.com (and 1i) are still not quite complete. If you check itrc.hp.com for security patches (look for libpam) you can see the other options that have been added. You'll need to have PHCO_26089 (or replacement if superceeded) for 11.0.

Note that there is no code for /etc/default/security in the obsolete 10.20 version of HP-UX.


Bill Hassell, sysadmin
0 Kudos
Reply
Theresa Patrie
Regular Advisor

‎12-02-2002 10:47 AM

‎12-02-2002 10:47 AM

Re: Restricting No Of Users

The "who" command by itself will give you an inflated number of users because if a user has more than one tty open, it will get reported and counted in the list. If you have 5 users logged in and each has 5 windows open, you'd get a count of 25 users! You'd have to add to your script to strip out duplicate names.
This is my easy job!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.