HPE Community
Operating System - HP-UX
1832753 Members
3245 Online
110045 Solutions
New Discussion

stop users from login the system

 
SOLVED
Go to solution
John McDen
Regular Advisor

‎04-08-2002 12:34 PM

‎04-08-2002 12:34 PM

stop users from login the system

Is there a way I can stop the user to login to the system.

New to HP
0 Kudos
Reply
10 REPLIES 10
Rodney Hills
Honored Contributor

‎04-08-2002 12:40 PM

‎04-08-2002 12:40 PM

Solution

Re: stop users from login the system

In my /etc/profile (run by everyone at login), I have a test of -

if [ -a /var/adm/lock.out -a $LOGNAME != "root" ] ; then
echo "System locked up..."
exit
fi

This way if I do a "touch /var/adm/lock.out", I can lock out all users (except for "root" of course)

-- Rod Hills
There be dragons...
Reply
Tom Danzig
Honored Contributor

‎04-08-2002 12:40 PM

‎04-08-2002 12:40 PM

Re: stop users from login the system

You can put this in the /etc/profile:

if [[ `id -u` -ne 0 ]] ; then
echo "No logins except for root allowed at this time"
exit 0
fi
Reply
Sandip Ghosh
Honored Contributor

‎04-08-2002 12:40 PM

‎04-08-2002 12:40 PM

Re: stop users from login the system

Rename the Passwd file.

Sandip
Good Luck!!!
0 Kudos
Reply
Helen French
Honored Contributor

‎04-08-2002 12:41 PM

‎04-08-2002 12:41 PM

Re: stop users from login the system

Hi,

You can just put 'exit' command in the $HOME/.profile file. If you don't want the user to log in the system, then delete that user ?

Also there are lot of security files which prevents logging to the system. It depends on the services you are using - ftp, telnet, rlogin etc.

HTH,
Shiju
Life is a promise, fulfill it!
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎04-08-2002 12:43 PM

‎04-08-2002 12:43 PM

Re: stop users from login the system

Hi John


in /etc/profile add the following lines :


loginid=`who am i | awk '{print $1}'`
echo $loginid
if [ $loginid = oracle ]
then
exit
fi

you are good to go.


Manoj Srivastava
Reply
pap
Respected Contributor

‎04-08-2002 12:58 PM

‎04-08-2002 12:58 PM

Re: stop users from login the system

hi you can do one thing.

1. you can lock the user by putting LK word in password field for all the user's who want to block. You have to put LK antry in password file where encrypted password is stored.

This way you can control the login access and you can allow him to login in case you decide to do so in future.


-pap
"Winners don't do different things , they do things differently"
0 Kudos
Reply
Fred Martin_1
Valued Contributor

‎04-09-2002 05:14 AM

‎04-09-2002 05:14 AM

Re: stop users from login the system

I like Rodney's solution, if your intention is to temporarily lock out users for a short time. I use the same approach but allow anyone in the 'admin' group to get in, so SA's can work. 'admin' is a group I created, with all of our SA's and root listed in it.

fmartin@applicatorssales.com
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎04-09-2002 05:39 AM

‎04-09-2002 05:39 AM

Re: stop users from login the system

Hi John,

If the user is a csh user, modify /etc/csh.login instead of /etc/profile.

If you are trying to lockout all users (other than root), there is another option if using 11.x.

11.0 (with the cumulative login patch) added support for /etc/nologin. This basically does what others have done with modifications to /etc/profile (and /etc/csh.login). See the following 2 threads:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x5e730b0717d1d5118ff40090279cd0f9,00.html

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x6a1272106351d5118fef0090279cd0f9,00.html

Note that none of these address ftp access. You should comment out ftp in /etc/inetd.conf and restart inetd (inetd -c).

CDE users are not affected by /etc/profile, /etc/csh.login, nor /etc/nologin hacks. You need to stop dtlogin with "/sbin/init.d/dtlogin.rc stop".

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
David Lodge
Trusted Contributor

‎04-11-2002 03:05 AM

‎04-11-2002 03:05 AM

Re: stop users from login the system

The problems with the above is that they will only lock people out by normal methods (telnet, rlogin etc)

Not all program use /etc/profile when a user connects; you will need to check other things, eg ftp (put an entry for that user in /etc/ftpd/ftpusers), X (cp /usr/dt/config/Xstartup to /etc/dt/config/Xstartup and edit that using one of the above scriptlets)

The easiest way to do the above, is if your server is trusted, to use the admin lock option on a user, this can be set by using /usr/lbin/modprpw (I can't remember the flags but you can see them in the 11i man page on docs.hp.com)

But this doesn't seem to work with some versions of ssh (if you use that)

dave
Reply
harry d brown jr
Honored Contributor

‎04-11-2002 03:47 AM

‎04-11-2002 03:47 AM

Re: stop users from login the system

I've always used /etc/nologin method. simple to perform:

touch /etc/nologin

locks everyone out, and

rm /etc/nologin

allows everyone back in.

It should be tested in your /etc/profile script.

Of course, remember to shutdown ftp also.

live free or die
harry
Live Free or Die
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.