HPE Community
Operating System - HP-UX
1834780 Members
2979 Online
110070 Solutions
New Discussion

Re: Restricting root login from CDE

 
sheevm
Regular Advisor

‎08-05-2002 10:22 AM

‎08-05-2002 10:22 AM

Restricting root login from CDE

Hi!

I like to restrict root login from the terminals. Users come to the unix box through exceed and CDE.

Telnet from the unix to unix box is working fine. Users have to do su - root to logon as root from the terminals. But if they connect from CDE it lets them login as root.

Does anyone out there guide me how to make this work? HP-UX 11.00

Thanks in advance
be good and do good
0 Kudos
Reply
8 REPLIES 8
Sanjay_6
Honored Contributor

‎08-05-2002 10:26 AM

‎08-05-2002 10:26 AM

Re: Restricting root login from CDE

Hi Raji,

Take a look at this thread,

http://support1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000045437203

The Doc id is KBRC00000074

Hope this helps.

Regds
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎08-05-2002 10:27 AM

‎08-05-2002 10:27 AM

Re: Restricting root login from CDE

try this thread:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x09c1119c3420d411b66300108302854d,00.html

or this

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x99d8a135f587d5118ff00090279cd0f9,00.html

Search string used: restricting root logins cde

live free or die
harry
Live Free or Die
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎08-05-2002 10:29 AM

‎08-05-2002 10:29 AM

Re: Restricting root login from CDE

Hi Raji,

Or you can try this thread,

http://support1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000052479472

The doc id is S3100000413

Hope this helps.

Regds
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎08-05-2002 10:36 AM

‎08-05-2002 10:36 AM

Re: Restricting root login from CDE

Hi Raji

What we do is like that . Edit /etc/profile and put the folliwing lines :


loginid=`who am i | awk '{print $1}'`

echo $loginid
if [ $loginid = root ]
then
exit
fi


this will disable any logins to root , and then all users will ahve to login as non root and tehn su to root.


Manoj Srivastava
0 Kudos
Reply
sheevm
Regular Advisor

‎08-05-2002 10:58 AM

‎08-05-2002 10:58 AM

Re: Restricting root login from CDE

Hi Manoj:

I tried what you are saying but when I did su - root also failed to login. Does "su" also executes /etc/profile. But I tested it for $LOGNAME.

Raji
be good and do good
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎08-05-2002 11:04 AM

‎08-05-2002 11:04 AM

Re: Restricting root login from CDE

Raji


the trick is that

whoami and id are differtn things so if you login as root /etc/profile will set the value of loginid as root and throw you out , however if you login as raji it will set the value of loginid as raji and will not throw you out bcoz the id is not root , so no one can login as root and to login as root you need to su to root.

This will be true for console too as /etc/profile is excuted when u do a su also .



Manoj Srivastava
0 Kudos
Reply
Tom Dawson
Regular Advisor

‎08-05-2002 11:22 AM

‎08-05-2002 11:22 AM

Re: Restricting root login from CDE

Raji,

Remember, there is a difference between "su - root" and "su root". If you execute "su root", /etc/profile does not get executed.

HTH,
Tom
0 Kudos
Reply
Niraj Kumar Verma
Trusted Contributor

‎08-05-2002 08:26 PM

‎08-05-2002 08:26 PM

Re: Restricting root login from CDE

Try this

Put this into your /etc/profile


uid=`id -u`

if [ $uid -ne 0 ]
then
echo "You are not Authorised to Login"
sleep 5
exit 0
fi


Regards
-Niraj
Niraj.Verma@philips.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.