Re: OSR5: how to find out disabled terminals by authorization subsystem?



In article <1183999976.688524.299000@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
ThreeStar <sco@xxxxxxxxxxxxxxxxx> wrote:
On Jul 8, 10:04 am, Pepe <p...@xxxxxxxxxx> wrote:
Hello.

I am giving a test drive to OSR5 (without graphical environment), so far
so good.

After manually defaulting to the Korn Shell, changing the "intr" code to
CTRL-C, going through the install with a broken "Spanish" keyboard map,
setting TIMEOUT=20 in /etc/default/boot so the machine starts directly
into multi-user mode *and* doesn't stall forever asking the time
(WTF??), configuring a default terminal type so it again stops asking
forever, touching ~/.hushlogin to get rid of a full screen worth of
copyright notices, manually configuring a sane and informative shell
prompt, making root's $HOME something other than "/", and setting the IP
address *inside* the TCP startup script (there is not any variable(s) to
configure in a file to be sourced by said script, incredible!), I can
say it is a nice and stable UNIX, although the userland smells a little
of old...

I am surprised by the "enhanced security subsystems", for accounts,
terminals and files. At first, it was a shock with my test users being
disabled here and there ("Account is disabled -- see Account
Administrator"), and the terminal channels being disabled too ("Terminal
tty03 is disabled"). But I am growing to like it, it feels like a fortress.

I was a little mystified by "passwd -s" declaring as "locked" several
accounts which had perfectly valid encrypted password fields (that is,
no asterisks nor bangs in them, etc.). Then I saw that "passwd" was
interfacing to the "protected password database" to inform about the
lock. However, although "passwd -s" and "passwd -l" do interface to the
"protected password database", that is not the case for "passwd -u",
which I don't quite understand why. I found it confusing so I made these
scripts for my own use:

show-locked-users.sh
#!/bin/sh
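# This script shows system users with a locked account.
# Created: 2007-07-08.
# Take each login name from /etc/passwd, query its status with "passwd -s",
# and keep only the lines that report a locked (LK) account.
for var in `awk -F ":" '{print $1}' /etc/passwd` ; \
do passwd -s "$var" ; done | grep .LK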

unlock-given-user.sh
#!/bin/sh
# This script unlocks a user, which it takes as the only parameter.
# The unlock is first done at the shadow file level, then
# at the "OSR5 enhanced security subsystem" level.
# Created: 2007-07-08
[ "$1" = "" ] && echo "Error: no username given.\n\
Usage: you must give one (1) username as parameter, \
so I can unlock it." && exit 1
passwd -u "$1" && usermod -x "{unsuccessfulLoginAttempts 0}" \
-x "{administrativeLockApplied 0}" "$1"

About the terminals locking issue, I have found the "ttylock" and
"ttyunlock" system commands, which work great. However, I have not found
any command to see which tty*'s have fallen under the security lock. I
see I can launch "scoadmin terminal" --> Unlock [Enter] ---> F3, but
that is not a scriptable solution and lacks any elegance (which is to be
expected from a real UNIX).

So, how can I find out from a pure command line which terminals are locked?

Regards,

Pepe.

The time prompt during boot has to do with the fact that SCO5 grew up
in pre-Internet (i.e., pre-NTP) times.

And also before the systems had built in RTCs to keep track of the
time.

I remember getting a call about 7AM from one company that no one
could log in but the system was running.

I found they had no root password set and they wanted it that way
so anyone could get in.

I explained to them that when the system comes up there was
a press-control-D to continue or enter to go to system. [I think
that was it - it's been a long long time].

So at that point the system was in single user mode. I told them
they must have a root password to prevent mistakes such as that,
and they could post the root password on the computer if they felt
that everyone should have access to that.

So it was a 15 minute call that netted $75. Then I went home and
had breakfast.

Bill
--
Bill Vermillion - bv @ wjv . com