HPE Community
Operating System - HP-UX
1828226 Members
2403 Online
109975 Solutions
New Discussion

Restricting user access

 
SOLVED
Go to solution
Paul Czetwertynski
Occasional Contributor

‎02-22-2001 04:49 AM

‎02-22-2001 04:49 AM

Restricting user access

Is there a way to restrict terminal session logons for specific users? (similar to securetty for root)
0 Kudos
Reply
5 REPLIES 5
MARTINACHE
Respected Contributor

‎02-22-2001 05:10 AM

‎02-22-2001 05:10 AM

Re: Restricting user access

Hi,

"man inetd.sec" will probably help you.

Regards,

Patrice.
Patrice MARTINACHE
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎02-22-2001 05:19 AM

‎02-22-2001 05:19 AM

Re: Restricting user access

Hi,

If you are using sshd v2 for remote sessions, then you can easily restrict user access from specific IP addresses by simply making use of the SSH2_CLIENT variable which reflects the IP address from which you connect from and the LOGNAME variable.

Using these two variables in /etc/profile, you can force a user to disconnect if the LOGNAME and SSH2_CLIENT variables are not associated.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Sandor Horvath_2
Valued Contributor

‎02-22-2001 05:35 AM

‎02-22-2001 05:35 AM

Re: Restricting user access

Hi !

Edit /etc/profile and /etc/cshrc and check tty
whith tty command az user with $LOGNAME or id -un command. Exit if not allowed.

With the /var/adm/inetd.sec file You can filter acces by IP address.

regards, Saa
If no problem, don't fixed it.
0 Kudos
Reply
unixdaddy
Trusted Contributor

‎02-22-2001 07:26 AM

‎02-22-2001 07:26 AM

Solution

Re: Restricting user access

Although the OS does not provide this capability directly (there is nothing
similar to /etc/securetty for root), adding the following statements to
/etc/profile or /etc/csh.login should prevent a certain user from
login but allow su - username.

Expand on the "if" statement if there are multiple accounts.


For Bourne and POSIX shells, add the following to /etc/profile:

name=`logname`
if [ $name = username ]
then
echo $name not allowed to login...only su
exit
fi
#end

For C shell, add the following to /etc/csh.login:

set name=`logname`
if ( $name == username ) then
echo $name not allowed to login...only su
exit
endif
#end

Reply
Ray Evans
Advisor

‎02-22-2001 09:22 AM

‎02-22-2001 09:22 AM

Re: Restricting user access

Place this snip at the bottom of your system profile. Change the UID's top match those you want to have access. Touch /etc/nologin and remove when finished.

We use this during system maintenance as our users never seem to listen to our guidance.

hth,

Ray


# Check for file /etc/nologin. If present, log the users off (system
# maintenance in effect).

if [ -r /etc/nologin ]
then
case `/usr/bin/id -u` in
0|103|101|104|185)
echo "\n\n\n";
echo " --> NOTICE <---";
echo "User login is currently disabled because of system mainten
ance";
echo "However, you will be allowed in.";
echo "\nPress Enter to continue...\c";
read junk;;
*)
sleep 2;
clear;
echo "\n\n\n\n\n\n\n\n";
echo " The system is currently unavailable.";
echo " Please try again later. DPI Helpdesk can be contacted @
4298.";
sleep 5;
exit 1;;
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.