Quick SUMMARY: how to prevent users from loggin on to console

From: Rashad Al-Yawir (rashad@ii.uni.wroc.pl)
Date: Thu Jun 09 1994 - 19:59:19 CDT

here is a quick summary of my quistion. I asked

> How can I prevent users from using the console to logging in to the
> system. What I want to do is that everybody can telnet to that host
> but only some users can use the console. The system is Solaris 2.3.

I received 4 answers. I don't have time right now to do it, so I include
these answers and I'll send a full summary as soon as posible.

Thanks to :
  bidwell@andrews.edu (Daniel R. Bidwell)
  Danny Barron <dbarron@comp.uark.edu>
  kumeda@tds.com (Andy Kumeda)

------- Begin Include Message ----------------

From: bidwell@andrews.edu (Daniel R. Bidwell)

If your users are using the ksh or tcsh, they execute the /etc/profile
or /etc/csh.login (respectively) scripts as the login before doing their
other initialization scripts (.profile, .kshrc, or .cshrc, .login). You
can make the /etc/profile or /etc/csh.login scripts check where they
logged in from and who they are and allow or disallow as required.

Daniel R. Bidwell	|	bidwell@andrews.edu
Andrews University	Computer Science & Information Systems Department
If two always agree, one of them is unnecessary
"Friends don't let friends do DOS"
"In theory, theory and practice are the same.
In practice, however, they are not."


From: Danny Barron <dbarron@comp.uark.edu>

Try looking at setting up netgroups using NIS.


From: kumeda@tds.com (Andy Kumeda)

Try looking at the /bin/login that comes with TIS toolkit. Ftp to ftp.tis.com, and get fwtk.tar.Z


From: hydres!paul

This might cause other problems but I use the compat directive in nsswitch.conf There is a patch assoc. with this.101448-01 is the one. I have lines in the /etc/passwd file that reads:

also need to go on shadow, I encose my copies. I suspect clever people out there would suggest netgroups, but I did not have time to look at these. Its handy them being in the passwd file as you can do cd ~user ;chown user etc...

Files as attachments: enjoy.

root:x:0:1:0000-Admin(0000):/:/sbin/sh daemon:x:1:1:0000-Admin(0000):/: bin:x:2:2:0000-Admin(0000):/usr/bin: sys:x:3:3:0000-Admin(0000):/: adm:x:4:4:0000-Admin(0000):/var/adm: lp:x:71:8:0000-lp(0000):/usr/spool/lp: smtp:x:0:0:mail daemon user:/: uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp: nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico listen:x:37:4:Network Admin:/usr/net/nls: nobody:x:60001:60001:uid nobody:/: noaccess:x:60002:60002:uid no access:/: update:x:1562:10::/cmp_aps/update:/bin/csh +robert:V4gIjzA.8kpDc:1371:20::/cmp_aps/robert:NOSHELL +jmas::::::NOSHELL +adam::::::NOSHELL +paultest::::::NOSHELL +foobar::::::NOSHELL +aajs::::::NOSHELL +paul::::::NOSHELL +ajc::::::NOSHELL +alan::::::NOSHELL +andrew::::::NOSHELL +apd::::::NOSHELL +asims::::::NOSHELL +atsw::::::NOSHELL +brendan::::::NOSHELL +ahs:hkiCxxkm0BLnc:1346:20::/cmp_aps/ahs:/bin/csh:

========================== # # /etc/nsswitch.nisplus: # # An example file that could be copied over to /etc/nsswitch.conf; it # uses NIS+ (NIS Version 3) in conjunction with files. # # "hosts:" and "services:" in this file are used only if the /etc/netconfig # file contains "switch.so" as a nametoaddr library for "inet" transports.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group. passwd: compat passwd_compat: nisplus group: files nisplus # consult /etc "files" only if nisplus is down. hosts: nisplus [NOTFOUND=return] files #Uncomment the following line, and comment out the above, to use both DNS #and NIS+. You must also set up the /etc/resolv.conf file for DNS name #server lookup. See resolv.conf(4). #hosts: nisplus dns [NOTFOUND=return] files

services: nisplus [NOTFOUND=return] files networks: nisplus [NOTFOUND=return] files protocols: nisplus [NOTFOUND=return] files rpc: nisplus [NOTFOUND=return] files ethers: nisplus [NOTFOUND=return] files netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files

publickey: nisplus

netgroup: nisplus

automount: files nisplus aliases: files nisplus sendmailvars: files nisplus ----------

root:2lkdGMmviAdfE:8777:::::: daemon:NP:6445:::::: bin:NP:6445:::::: sys:NP:6445:::::: adm:NP:6445:::::: lp:NP:6445:::::: smtp:NP:6445:::::: uucp:E5FYQrMiakSQ2:8864:::::: nuucp:NP:6445:::::: listen:*LK*::::::: nobody:NP:6445:::::: noaccess:NP:6445:::::: update:QnfEbovlGU7oY:8497:::::: bouss:UJlrnDkS60j0E:8782:::::: richard:::::::: aajs:::::::: ajc:::::::: adam:::::::: paul:::::::: alan:::::::: andrew:::::::: apd:::::::: asims:::::::: atsw:::::::: brendan:::::::: ahs:hkiCxxkm0BLnc:1346::::::

Paul Humphreys ( Postmaster ) paul@hydres.uucp HR Wallingford paul%hydres.uucp@uknet.ac.uk Howbery Park Wallingford Tel: 0491-835381 X2292 Oxon Fax: 0491-832233 OX10-8BA

---------------- End Include Message ----------------

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:03 CDT