249 lines
4.1 KiB
HTML
249 lines
4.1 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Disabling a user temporarily</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux System Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Managing user accounts"
|
|
HREF="managing-users.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Removing a user"
|
|
HREF="deluser.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Backups"
|
|
HREF="backups-intro.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux System Administrators Guide: </TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="deluser.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 11. Managing user accounts</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="backups-intro.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="DISABLE-USER"
|
|
></A
|
|
>11.5. Disabling a user temporarily</H1
|
|
><P
|
|
> It is sometimes necessary to temporarily disable an
|
|
account, without removing it. For example, the user might not
|
|
have paid his fees, or the system administrator may suspect that
|
|
a cracker has got the password of that account. </P
|
|
><P
|
|
> The best way to disable an account is to change its shell
|
|
into a special program that just prints a message. This way,
|
|
whoever tries to log into the account, will fail, and will
|
|
know why. The message can tell the user to contact the system
|
|
administrator so that any problems may be dealt with. </P
|
|
><P
|
|
> It would also be possible to change the username
|
|
or password to something else, but then the user
|
|
won't know what is going on. Confused users mean more
|
|
work.
|
|
</P
|
|
><P
|
|
> A simple way to create the special programs is to write
|
|
`tail scripts':
|
|
|
|
<TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>#!/usr/bin/tail +2
|
|
This account has been closed due to a security breach.
|
|
Please call 555-1234 and wait for the men in black to arrive.</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
|
|
The first two characters (`<TT
|
|
CLASS="LITERAL"
|
|
>#!</TT
|
|
>') tell the
|
|
kernel that the rest of the line is a command that needs to be
|
|
run to interpret this file. The <B
|
|
CLASS="COMMAND"
|
|
>tail</B
|
|
> command
|
|
in this case outputs everything except the first line to the
|
|
standard output. </P
|
|
><P
|
|
> If user billg is suspected of a security breach,
|
|
the system administrator would do something like this:
|
|
|
|
<TABLE
|
|
BORDER="1"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
><TT
|
|
CLASS="PROMPT"
|
|
>#</TT
|
|
> <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>chsh -s
|
|
/usr/local/lib/no-login/security billg</B
|
|
></TT
|
|
>
|
|
<TT
|
|
CLASS="PROMPT"
|
|
>#</TT
|
|
> <TT
|
|
CLASS="USERINPUT"
|
|
><B
|
|
>su - tester</B
|
|
></TT
|
|
>
|
|
This account has been closed due to a security breach.
|
|
Please call 555-1234 and wait for the men in black to arrive.
|
|
<TT
|
|
CLASS="PROMPT"
|
|
>#</TT
|
|
></PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
|
|
The purpose of the <B
|
|
CLASS="COMMAND"
|
|
>su</B
|
|
> is to test that the
|
|
change worked, of course. </P
|
|
><P
|
|
> Tail scripts should be kept in a separate directory,
|
|
so that their names don't interfere with normal user commands.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="deluser.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="backups-intro.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Removing a user</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="managing-users.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Backups</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |