
Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

8638.0. "interactive login access control" by TROOA::HENDRIKSE () Wed Jan 29 1997 12:30

    I have a customer that has an Alphaserver 4100 running Digital Unix
    3.2c and an Oracle database.  They tell me that the database is
    authenticated by the passwd file stuff, there is no interactive access
    for most people.  I need to know how to make some people (selected by
    the sys admin) not be able to login interactively and others not.
    Some suggestions already:
    
    1.  /etc/nologin - a good try, but there are a few people who need
    interactive login ability (away from the console)
    
    2.  shell replacement with a dumb shell that immediately exits -
    another good idea, but, alas, i don't know how to do it.
    
    3.  in another note GERUND::WOLFE suggested inserting -username into
    the local passwd file, but either that does not work, or i did something
    wrong.
    
    Thanks in advance,
    steve
    
    P.S.  the customer is waiting for an answer, so a quick reply will save
    me from looking like a dim-wit.
    
8638.1. by NETRIX::"[email protected]" (Ann Majeske) Wed Jan 29 1997 18:21 (6 lines)

>    2.  shell replacement with a dumb shell that immediately exits -
>    another good idea, but, alas, i don't know how to do it.

In /etc/passwd (or in the NIS passwd map), for the users you don't
want to be able to log in replace their shell with /usr/bin/false.
[Posted by WWW Notes gateway]

8638.2. by GERUND::WOLFE (I'm going to huff, and puff, and blow your house down) Wed Jan 29 1997 23:18 (15 lines)

>    3.  in another note GERUND::WOLFE suggested inserting -username into
>    the local passwd file, but either that does not work, or i did something
>    wrong.
 

This only works when NIS is running. Otherwise the system looks for a 
user named "-username"!

If you aren't using NIS the /bin/false shell trick will prevent logins. Setting
the password to "*" will as well. This is all standard unix hackery and the
standard Oracle site would have sysadmins that know how to do this.  If it's
really that simple then you are all set.


		Pete
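
Added example, not part of any reply in this thread: a small audit a sysadmin could run after applying the suggestions above, to see which passwd entries still allow an interactive login and which are blocked by a "false" shell, by a "*" password, or are "-username" style NIS entries. The function names, status labels and sample entries are constructed for illustration; it reads passwd-format text only and does not consult NIS maps.

```shell
#!/bin/sh
# classify_passwd: read passwd-format lines (files given as arguments, or
# stdin) and print "user:status" for each entry.
#   nis-entry        name starts with + or -, NIS syntax; without NIS this
#                    is just a literal user name, as noted in 8638.2
#   locked-password  password field is exactly "*"
#   no-shell         login shell is .../false (/bin/false, /usr/bin/false)
#   interactive      none of the above, the account can get a shell
classify_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }    # skip blank and comment lines
        {
            user = $1; pw = $2; shell = $7
            if (user ~ /^[+-]/)           status = "nis-entry"
            else if (pw == "*")           status = "locked-password"
            else if (shell ~ /\/false$/)  status = "no-shell"
            else                          status = "interactive"
            print user ":" status
        }' "$@"
}

# interactive_users: only the names that can still log in to a shell.
interactive_users() {
    classify_passwd "$@" | awk -F: '$2 == "interactive" { print $1 }'
}

# Constructed sample entries (not from a real system; hashes are placeholders).
sample_passwd() {
cat <<'EOF'
root:PLACEHOLDERHASH:0:0:System:/:/bin/sh
oracle:PLACEHOLDERHASH:100:15:Oracle owner:/usr/users/oracle:/bin/csh
dbuser1:PLACEHOLDERHASH:201:15:DB only:/usr/users/dbuser1:/usr/bin/false
dbuser2:*:202:15:DB only:/usr/users/dbuser2:/bin/sh
-dbuser3
EOF
}

# Demo run on the sample; on a real system use: classify_passwd /etc/passwd
sample_passwd | classify_passwd
```

Any account the sysadmin meant to block that shows up as "interactive", or any "nis-entry" line on a host that is not running NIS, is worth a second look.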