HPE Community
Operating System - HP-UX
1825982 Members
3135 Online
109690 Solutions
New Discussion

What's the file? Simple question....

 
ACS_2
Occasional Contributor

‎02-15-2001 02:21 PM

‎02-15-2001 02:21 PM

What's the file? Simple question....

What is file file you stick in /etc to restrict users from loging in?
0 Kudos
Reply
10 REPLIES 10
Jason VanDerMark
Trusted Contributor

‎02-15-2001 02:37 PM

‎02-15-2001 02:37 PM

Re: What's the file? Simple question....

Can you be a little more specific. There are lots of files in /etc which can keep users from logging in (eg. passwd). If you can be a more precise or give us an example of the situation it would help greatly.

Thanks,
Jason V.
Tie two birds together, eventhough they have four wings, they cannot fly.
0 Kudos
Reply
Rick Garland
Honored Contributor

‎02-15-2001 02:39 PM

‎02-15-2001 02:39 PM

Re: What's the file? Simple question....

Not aware of a file to put into /etc to restrict logins but you could modify the /etc/profile to for a file and if it exists, do not allow logins. Most of what I have seen, if a file called 'nologins' exists, typically in /etc, the the profile will see it and not allow logins. Again, this works in conjunction with the /etc/profile as just having the nologins file will not work, the profile has to be looking for it.
0 Kudos
Reply
ACS_2
Occasional Contributor

‎02-15-2001 03:03 PM

‎02-15-2001 03:03 PM

Re: What's the file? Simple question....

I thought you could just create this file in /etc, and as long as it exsists, only root can login to the server. Actually I'm not sure it works that way on HP, but it does work on AIX.

I guess what I want to know is, how can I temporarily keep users from loging on to the box?
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎02-15-2001 03:39 PM

‎02-15-2001 03:39 PM

Re: What's the file? Simple question....

I believe creating the /etc/nologin works on Solaris too but, as Rick said, it only works on HP if you modify the /etc/profile so it will look for the file.

If you are working from the console only, or have the web console, you could always stop inetd. That would prevent anyone from logging in. It would also prevent you from using any other network services as well though.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎02-15-2001 03:40 PM

‎02-15-2001 03:40 PM

Re: What's the file? Simple question....

Another option would be to just move the /etc/passwd file to something like passwd.with.all.users and then create a new passwd file with only the users you want to access the system.
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎02-15-2001 11:34 PM

‎02-15-2001 11:34 PM

Re: What's the file? Simple question....

Hi,

Are you referring to /etc/securetty?

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Paul T. Green
Advisor

‎03-07-2001 08:42 AM

‎03-07-2001 08:42 AM

Re: What's the file? Simple question....

I am under the impression that /etc/secure.tty is a file that keeps users from loging into the server from their workstations as root. This way only through the console can a person login as root. To my knowledge there is *no way* to keep users out of the system other than to shut down appplications and or sigle user mode...
We'd like to know a little bit about you for our files.... Paul Simon
0 Kudos
Reply
Jerry L. Anderson
New Member

‎03-13-2001 10:18 AM

‎03-13-2001 10:18 AM

Re: What's the file? Simple question....

As a system admin we used /etc/nologin to keep users out of systems during maintenance and it worked fine. The following snippet of code is from /etc/profile

if [ -f /etc/nologin -a $uid -ne 0 ]; then
echo "Sorry, no login allowed, try later!"
sleep 5
exit 0
fi

As you can see, root can log in but users can't
0 Kudos
Reply
Joanne Keegan
Regular Advisor

‎03-13-2001 12:57 PM

‎03-13-2001 12:57 PM

Re: What's the file? Simple question....

We use /etc/profile to limit user access, and this works well. If we have backups running and do not want users (except root) to login we create a BackUps file containing a message. When it is okay for users to be in we rename BackUps to NoBackUps. Here's what we have in /etc/profile:

# Check for backups in progress
if [ -x /etc/BackUps ]
then
if [ `whoami` != "root" ]
then
/etc/BackUps
exit
fi
fi
0 Kudos
Reply
Wodisch
Honored Contributor

‎03-13-2001 01:37 PM

‎03-13-2001 01:37 PM

Re: What's the file? Simple question....

Hello ACS,
if you are going for the "/etc/nologin" approach, be
careful to insert that "if [ -f /etc/nologin ]" snippet in
all places used for logins, as there are:
- serial/console: /etc/profile, /etc/cshrc
- telnet/rlogin: /etc/profile, /etc/cshrc
- X-Windows: /etc/dt/config/Xstartup

HTH,
Wodisch
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.