Operating System - HP-UX
1839217 Members
3129 Online
110137 Solutions
New Discussion

Re: What's the file? Simple question....

 
ACS_2
Occasional Contributor

What's the file? Simple question....

What is file file you stick in /etc to restrict users from loging in?
10 REPLIES 10
Jason VanDerMark
Trusted Contributor

Re: What's the file? Simple question....

Can you be a little more specific. There are lots of files in /etc which can keep users from logging in (eg. passwd). If you can be a more precise or give us an example of the situation it would help greatly.

Thanks,
Jason V.
Tie two birds together, eventhough they have four wings, they cannot fly.
Rick Garland
Honored Contributor

Re: What's the file? Simple question....

Not aware of a file to put into /etc to restrict logins but you could modify the /etc/profile to for a file and if it exists, do not allow logins. Most of what I have seen, if a file called 'nologins' exists, typically in /etc, the the profile will see it and not allow logins. Again, this works in conjunction with the /etc/profile as just having the nologins file will not work, the profile has to be looking for it.
ACS_2
Occasional Contributor

Re: What's the file? Simple question....

I thought you could just create this file in /etc, and as long as it exsists, only root can login to the server. Actually I'm not sure it works that way on HP, but it does work on AIX.

I guess what I want to know is, how can I temporarily keep users from loging on to the box?
Patrick Wallek
Honored Contributor

Re: What's the file? Simple question....

I believe creating the /etc/nologin works on Solaris too but, as Rick said, it only works on HP if you modify the /etc/profile so it will look for the file.

If you are working from the console only, or have the web console, you could always stop inetd. That would prevent anyone from logging in. It would also prevent you from using any other network services as well though.
Patrick Wallek
Honored Contributor

Re: What's the file? Simple question....

Another option would be to just move the /etc/passwd file to something like passwd.with.all.users and then create a new passwd file with only the users you want to access the system.
Steven Sim Kok Leong
Honored Contributor

Re: What's the file? Simple question....

Hi,

Are you referring to /etc/securetty?

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Paul T. Green
Advisor

Re: What's the file? Simple question....

I am under the impression that /etc/secure.tty is a file that keeps users from loging into the server from their workstations as root. This way only through the console can a person login as root. To my knowledge there is *no way* to keep users out of the system other than to shut down appplications and or sigle user mode...
We'd like to know a little bit about you for our files.... Paul Simon
Jerry L. Anderson
New Member

Re: What's the file? Simple question....

As a system admin we used /etc/nologin to keep users out of systems during maintenance and it worked fine. The following snippet of code is from /etc/profile

if [ -f /etc/nologin -a $uid -ne 0 ]; then
echo "Sorry, no login allowed, try later!"
sleep 5
exit 0
fi

As you can see, root can log in but users can't
Joanne Keegan
Regular Advisor

Re: What's the file? Simple question....

We use /etc/profile to limit user access, and this works well. If we have backups running and do not want users (except root) to login we create a BackUps file containing a message. When it is okay for users to be in we rename BackUps to NoBackUps. Here's what we have in /etc/profile:

# Check for backups in progress
if [ -x /etc/BackUps ]
then
if [ `whoami` != "root" ]
then
/etc/BackUps
exit
fi
fi
Wodisch
Honored Contributor

Re: What's the file? Simple question....

Hello ACS,
if you are going for the "/etc/nologin" approach, be
careful to insert that "if [ -f /etc/nologin ]" snippet in
all places used for logins, as there are:
- serial/console: /etc/profile, /etc/cshrc
- telnet/rlogin: /etc/profile, /etc/cshrc
- X-Windows: /etc/dt/config/Xstartup

HTH,
Wodisch