HPE Community
Operating System - HP-UX
1835921 Members
2588 Online
110088 Solutions
New Discussion

tweaking init

 
Lana Cameli
Advisor

‎05-03-2007 01:27 AM

‎05-03-2007 01:27 AM

tweaking init

Hi all;
I need to tweak one of the init levels so that only I and a couple of other users are able to log into the system. So essentially, I want to initiate an init command (init 2) which would restrict logins to specified few.


Can that be done? How would I go about it?
0 Kudos
Reply
5 REPLIES 5
Pete Randall
Outstanding Contributor

‎05-03-2007 01:48 AM

‎05-03-2007 01:48 AM

Re: tweaking init

Rather than messing with init, there is a option available in the 11.X security feature: /etc/security. Check the man page for security and look for the nologin feature. Basically, if you create a file called /etc/nologin, non-root access is restricted, as long as NOLOGIN is set to 1 in the /etc/security file (which you may have to create).


Pete

Pete
0 Kudos
Reply
Lana Cameli
Advisor

‎05-03-2007 01:51 AM

‎05-03-2007 01:51 AM

Re: tweaking init

I'm still on v 10.20 :(
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎05-03-2007 01:54 AM

‎05-03-2007 01:54 AM

Re: tweaking init

pointing out the obvious, you can create a script to do this.

when you enter into the init 2 stage, script runs (with proper Sxxx and Kxxx links created) and does this

check the status (locked/active) of the users you want NOT to be able to login. Store these in some file for reverting back to them.

then lock these users out.

do your thing at init level 2

when you go to init level 3 or above, using the file you created above, go ahead and restore those accounts' status back to where they were prior to you locking them out.

lock-out and restoration, may be handled differently depending on your OS security level, i.e., trusted or untrusted.

hope this helps
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
OldSchool
Honored Contributor

‎05-03-2007 02:05 AM

‎05-03-2007 02:05 AM

Re: tweaking init

Along the lines of what Mel said:
another way is to place a file in a known location (like /etc/downtime)

instead of locking / unlocking in passwd,
modify the system's /etc/profile to look for that file. if it finds it, check user id against a list of allowed users. if they are allowed, fine, else exit

at init 3, remove said file. this also lets you manually create the file to prohibit logins at higher run levels if needed

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-03-2007 02:25 AM

‎05-03-2007 02:25 AM

Re: tweaking init

Shalom,

Modify /etc/profile

Have it check the variable LOGNAME against the output from who -r and log users out based on run level.

Shell scripting.

I don't know why the idea to touch init came to mind but its not the way to acheive the goal.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.