why it doesnt work?

 
thebeatlesguru
Regular Advisor


http://ussupport2.external.hp.com/cki/bin/doc.pl/sid=e717c00a0d699871b1/screen=ckiDisplayDocument?docId=200000051899524
In this passage, it says:
For Bourne and POSIX shells, add the following to /etc/profile:

#unsupported statements to prevent users from login but allow su.
name=`logname`
if [ $name = username ]
then
echo $name not allowed to login...only su
exit
fi
#end

However, I added it to my /etc/profile, but it doesn't work. What's wrong?
It is as follows:
name=`logname`
if [ $name = pin2 ]
then
echo " $name not allowed to login..only su"
exit
fi


hihi
Ron Kinner
Honored Contributor

Re: why it doesnt work?

Perhaps pin2 should be "pin2" ?

Ron
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

Replace logname with id -un and add the double quotes on $name to be sure.

name=`id -un`
if [ "$name" = "pin2" ]
then
echo " $name not allowed to login..only su"
exit
fi

Hope this helps. Regards.

Steven Sim Kok Leong
Kenny Chau
Trusted Contributor

Re: why it doesnt work?

Well, I should say to use ", i.e.:

if [ "$name" = "pin2" ]

Hope this helps.
Kenny.
Kenny
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

Now I rewrote it and added it to etc/profile:
name=`id -un`
if [ "$name" = "pin2" ]
then
echo " $name not allowed to login..only su"
exit
fi

But it still doesn't work; I can still use pin2 to log in.

hihi
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

Tested to work fine for me.

Insert this statement in your /etc/profile right before the loop starts:

echo The login user is `id -un`

What does it show when pin2 logs in?

Hope this helps. Regards.

Steven Sim Kok Leong
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

In other words:

echo The login user is `id -un`
name=`id -un`
if [ "$name" = "pin2" ]
then
echo " $name not allowed to login..only su"
exit
fi

When you test pin2, you will see the printed output:

The login user is ...

What is printed there?

Hope this helps. Regards.

Steven Sim Kok Leong
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

5555
Maybe I didn't understand this script correctly.

The following is my understanding:
Unix servers: A, B
I added that script to B's /etc/profile, so it means that when I telnet to B from A and
enter pin2 at login, it will not allow me to input the passwd.

Isn't it?
hihi
Kenny Chau
Trusted Contributor

Re: why it doesnt work?

I had tested it too and it really works. I just want to know whether the message " pin2 not allowed to login...only su " appeared or not. If not, there is something wrong in the if-then-fi statement.

Hope this helps.
Kenny.
Kenny
Deepak Extross
Honored Contributor

Re: why it doesnt work?

That's not how it works..
/etc/profile will be called only after successful login. Which means that you will have to enter your login name & password.
Then, if your login name is "pin2", you will be thrown out immediately.
You are specifying "pin2" at the login: prompt, right?
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

When you telnet from system A to system B, system B will still prompt you for the password before "kicking" you out from system B.

/etc/profile is read upon successful login.

If you do not want the login prompt to be even shown, then you should use /var/adm/inetd.sec (on system B) to restrict the IP addresses (ie. system A fixed IP) that can telnet to system B

Hope this helps. Regards.

Steven Sim Kok Leong
Kenny Chau
Trusted Contributor

Re: why it doesnt work?

Well, as what I understand here, you still need to input the password when you telnet B from A after you put that script in the .profile. However, after you input the password, it will not show the prompt and it will show the messages "pin2 not allowed to login...only su" and then logout.

Hope this helps.
Kenny.
Kenny
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

Just an additional note that by restricting telnet via IP addresses in /var/adm/inetd.sec, you will block all userids from system A, in addition to pin2.

I would say that it is still safe to allow the user to be prompted for password and then get kicked out from /etc/profile.

If you don't like this, the workaround is to create a trust relationship either using SSH (i.e. authorized_keys) or .rhosts (insecure) so that the user will not be prompted for login from system A and still get kicked out from /etc/profile (which has traps within which the user cannot break out, i.e. ctrl-c).

Hope this helps. Regards.

Steven Sim Kok Leong
Kenny Chau
Trusted Contributor

Re: why it doesnt work?

If you just want to restrict a user to login to a particular machine, you can modify the /etc/passwd file to change the password field of that user to an "*" so that user cannot login but can be su.

Hope this helps.
Kenny.
Kenny
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

I agree with Kenny's method. I think changing the passwd field in /etc/passwd is the cleanest solution to your requirements.

Hope this helps. Regards.

Steven Sim Kok Leong
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

Well, I see what you all mean, but I can still log in with pin2 and don't get kicked out by /etc/profile.

I tested a shell x:
name=`id -un`
if [ "$name" = "pin2" ]
then
echo " $name not allowed to login..only su"
exit
fi

When I use pin2 to test x, it shows
pin2 not allwed to login..only su
but pin2 doesn't exit.
hihi
Kenny Chau
Trusted Contributor

Re: why it doesnt work?

As I understand it, if you test X in a shell script, even with pin2 as the login ID, it will of course not exit the session, because the line "exit" will only exit the shell script but not the telnet session. If you put that in the .profile, it will exit the login (as I had tested it before).

Hope this helps.
Kenny.
Kenny
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

I found something strange:
When I log in as root,
it shows: The login user is root

But when I log in as pin2,
it doesn't show the message.

Another thing I want to know: when I log in with pin2, which profile does the system call?
/etc/profile or /home/pin2/.profile?

hihi
Patrick Wallek
Honored Contributor
Solution

Re: why it doesnt work?

Are you sure of the shell for the pin2 id? It sounds like the shell it is using is the wrong one to call /etc/profile. Can you post the entry from your /etc/passwd file for the pin2 user id?
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

You are right:
pin2:iLuWY44UDTQSk:1102:1008:,,,:/home/pin2:/usr/bin/csh
root is sbin/sh

I didn't notice it.
Now, what should I do?
hihi
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

Now I have added the following script to csh.login:
set name=`id -un`
if ( "$name" == "pin2" ) then
echo "$name not allowed to login..only su"
exit
endif

And when I use pin2 to log in, it shows pin2 not allowed to login..only su
However, it doesn't exit the system. Do I need to add a parameter to exit?
hihi
Steven Sim Kok Leong
Honored Contributor

Re: why it doesnt work?

Hi,

Replace "exit" with "logout".

Hope this helps. Regards.

Steven Sim Kok Leong
thebeatlesguru
Regular Advisor

Re: why it doesnt work?

OK, I have got what I want.
Thank you, everyone here; you are so helpful.

I made two mistakes in this question:
1. I didn't notice the user's shell
2. I should replace exit with logout

Thank you all again.
hihi
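
The check that resolved this thread, as an added example that is not code from any poster: before placing a login restriction, read the user's login shell from the passwd entry and work out which system-wide startup file that shell reads. The function names and sample entries are hypothetical and constructed; /etc/csh.login as the csh file and the treatment of an empty shell field as the default sh are assumptions.

```shell
#!/bin/sh
# Added example: report which system-wide startup file a login restriction
# must live in for a given user, based on field 7 of the passwd entry.

# Print field N of USER's entry in a passwd-format FILE; fail if USER is absent.
passwd_field() {  # usage: passwd_field USER N FILE
    awk -F: -v u="$1" -v n="$2" \
        '$1 == u { print $n; found = 1; exit } END { exit !found }' "$3"
}

# Map a login shell path to the startup file read at login.
startup_file() {  # usage: startup_file SHELL_PATH
    case "${1##*/}" in
        ''|sh|ksh|rksh|bash) echo /etc/profile ;;   # empty field: assumed default sh
        csh|tcsh)            echo /etc/csh.login ;; # csh never reads /etc/profile
        *)                   echo unknown ;;
    esac
}

# One summary line per user: shell, startup file, and whether the password
# field is "*" (the alternative raised in the thread to allow su only).
audit_user() {  # usage: audit_user USER FILE
    shell=$(passwd_field "$1" 7 "$2") || { echo "$1: no such entry"; return 1; }
    pw=$(passwd_field "$1" 2 "$2")
    state=password-set
    [ "$pw" = "*" ] && state=password-locked
    echo "$1 shell=${shell:-default} startup=$(startup_file "$shell") $state"
}

# Constructed sample entries; password fields are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
root:x:0:3::/:/sbin/sh
pin2:x:1102:1008:,,,:/home/pin2:/usr/bin/csh
oper:*:1103:1008::/home/oper:/usr/bin/ksh
EOF
}

tmp=$(mktemp) && sample_passwd > "$tmp"
for u in root pin2 oper; do audit_user "$u" "$tmp"; done
rm -f "$tmp"
```

Point the second argument of audit_user at /etc/passwd to check a live system; an "unknown" result means the shell's startup files need to be checked by hand before relying on a profile-based restriction.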