HPE Community
Operating System - HP-UX
1833877 Members
2373 Online
110063 Solutions
New Discussion

Re: Users restriction?

 
ashwin
Occasional Contributor

‎11-17-2000 07:54 PM

‎11-17-2000 07:54 PM

Users restriction?

hello all,
What are the diifferent ways to restrict users to log on to the system from a specific 'tty'.
eg. user--> should log from tty /dev/pty3 only.
0 Kudos
Reply
5 REPLIES 5
Paula J Frazer-Campbell
Honored Contributor

‎11-18-2000 03:52 AM

‎11-18-2000 03:52 AM

Re: Users restriction?

Hi

This may help for root
If the /etc/securetty file is present, login security is in effect.
Only user root is allowed to log in successfully on the ttys listed in
this file. Restricted ttys are listed by device name, one per line.
Valid tty names are dependent on installation. An example is
console
tty01

To control a user to a specificy tty you can put a short scrip in their .profile to pick up their tty and if no match to tty in .profile throw a exit at them, this has the ability to allow a user a range of login ttys.

See man login

HTH

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎11-19-2000 12:21 PM

‎11-19-2000 12:21 PM

Re: Users restriction?

While you can certainly modify /etc/profile to restrict access by user name, time of day, number of logins allowed per user, terminal port and so on, network logins are a bit more complicated. Your example of a pty login, while possible to test, will likely be of no use as pty ports are assigned not by the requestor but as needed by the system.

Thus, for any given login, the pty (now more likely, a streams pts device file) assigned will be essentially unpredictable.

However, you can certainly test for the name or IP address of the incoming device using who -mur.


Bill Hassell, sysadmin
0 Kudos
Reply
Tommy Palo
Trusted Contributor

‎11-20-2000 02:21 AM

‎11-20-2000 02:21 AM

Re: Users restriction?

If you can get hold of the IP-address instead you could use /var/adm/inetd.sec to control access.
Keep it simple
0 Kudos
Reply
ashwin
Occasional Contributor

‎11-21-2000 06:43 PM

‎11-21-2000 06:43 PM

Re: Users restriction?

thanks to all,
But what are other ways to restrict pertoculer user to login from /dev/tty3 other than putting a script in .profile.

thankx once again to all.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎11-21-2000 07:04 PM

‎11-21-2000 07:04 PM

Re: Users restriction?

As mentioned, there is no way to predict what tty device the user will have. However, the concept is simple. Put the test in /etc/profile (.profile is under control of the user). The test for the user ID and terminal as well as the incoming hostname or IP address can be combined in one command:

who -muR

Extract the fields like this:

echo $(/usr/bin/who -muR) | awk '{print $1," " ,$2," ",$NF}' | read MYUID MYTTY MYPORT

Now test $MYUID and $MYTTY or $MYPORT. If they don't meet your criteria, then just exit from /etc/profile (with an appropriate message).


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.