
set id to be non login able


visvid

Technical User
Jun 3, 2002
How do I set up a userid to be non-logonable?

I have had a request to do this on a Sun box... not sure what they mean, I guess it's an id to run batch scripts, but not allow users to telnet into the boxes?

I have tried setting /nosuchshell in login shell and no password setuid in Admintool. Someone also suggested login shell to be csh and create a .cshrc file with the user environment, so they could not move around outside their own /home directory, but this has not worked.


Any ideas please?


 
Change the password and don't tell anyone what it is.....

or use admintool to disable the account.

--
| Mike Nixon
| Unix Admin
|
----------------------------
 
OK, I can change the passwd and see if that works, as it is for batch work to read the userid id and then run its script. Do you think this would work?
 
Should do

--
| Mike Nixon
| Unix Admin
|
----------------------------
 
The official way to do this is to set the shell on the user to /bin/false and the password in the shadow file to NP. If you lock the password (*LK* in the shadow file) it will not allow you to run cron jobs on Solaris 8 with the latest patches or Solaris 9 - something a batch user might require.

There are alternatives to /bin/false depending on how security conscious you are. A statically compiled executable /bin/noshell is available (search on Google) which prevents login but logs the login attempt and client IP address to the messages file or emails to a nominated security auditor.
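The /bin/false and NP advice above, as a small audit script (an added example, not part of the original posts): it classifies accounts from passwd- and shadow-format text by password state and shell. The account names and entries are constructed sample data; on a real host the two inputs would be the contents of /etc/passwd and /etc/shadow, read as root.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/shadow format (hypothetical users).
SAMPLE_PASSWD='batch1:x:2001:100:batch:/export/home/batch1:/bin/false
batch2:x:2002:100:batch:/export/home/batch2:/bin/csh
batch3:x:2003:100:batch:/export/home/batch3:/bin/false
oper:x:2004:100:operator:/export/home/oper:/bin/csh'

SAMPLE_SHADOW='batch1:NP:12000::::::
batch2:NP:12000::::::
batch3:*LK*:12000::::::
oper:ConstructedHashValue:12000::::::'

# classify_account USER PASSWD_TEXT SHADOW_TEXT
# Prints "<password-state> <shell-state>", or "unknown" (status 1) if USER
# has no passwd entry.
classify_account() {
    user=$1
    printf '%s\n' "$2" | grep "^$user:" >/dev/null || { echo unknown; return 1; }
    shell=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $7 }')
    pw=$(printf '%s\n' "$3" | awk -F: -v u="$user" '$1 == u { print $2 }')
    case $pw in
        NP)      pwstate=no-password-login ;;    # not a valid hash: no password matches
        '*LK*'*) pwstate=locked-cron-may-fail ;; # per the thread: cron refused on patched Solaris 8 / Solaris 9
        '')      pwstate=EMPTY-PASSWORD ;;       # empty field: no password set at all
        *)       pwstate=password-login ;;
    esac
    case $shell in
        /bin/false|*/noshell) shstate=no-shell ;;
        *)                    shstate=interactive-shell ;;  # includes an empty shell field
    esac
    echo "$pwstate $shstate"
}

# Report on the constructed accounts.
for u in batch1 batch2 batch3 oper; do
    printf '%-8s %s\n' "$u" "$(classify_account "$u" "$SAMPLE_PASSWD" "$SAMPLE_SHADOW")"
done
```

batch1 is the combination recommended above; batch2 (NP with csh) is the variant that still lets root run `su - <userid> -c <batch_script>`.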
 
OK, this is where someone said /noshell; did not realise it was not standard on Sol 8 and had to be downloaded. I think you're right, just setting a passwd and not telling him is not good for security, the idea being they can't telnet in on that userid and the batch work is only run in their home directory.
 
Julian

Think /bin/false must be set up as a shell? As I don't have the shell, but NP in /etc/shadow was good and had shell set to csh as batch jobs run through c, so running

su - <userid> -c <batch_script> has worked

Cheers for help

visvid
 