Path: utzoo!attcan!uunet!chinacat!chip
From: chip@chinacat.Unicom.COM (Chip Rosenthal)
Newsgroups: comp.unix.xenix
Subject: Re: Keep them out!
Message-ID: <1270@chinacat.Unicom.COM>
Date: 26 May 90 20:01:03 GMT
References: <304@fryepro.UUCP>
Distribution: na
Organization: Unicom Systems Development, Austin, TX
Lines: 44

In article <304@fryepro.UUCP> gary@fryepro.UUCP (Gary L. Scorby) writes:
>[On SCO XENIX 2.3.2] Is there a command that allows the super user to stop
>anyone from logging in for a period of time?

No.  The "login" program does not support this kind of feature.  However,
there is hook in /etc/gettydefs which will help.  You can specify a program
to run in the 6th field rather than defaulting to /etc/login.  So, you might
create an /etc/loginchk from the following:

#include <stdio.h>
#define LOGINLCK "/etc/nologin"

main()
{
    if ( access(LOGINLCK,0) == 0 ) {
        fputs("Logins are temporarily disabled.  Try again later.\n",stderr);
        exit(1);
    }
    execl("/etc/login","login",(char *)NULL);
    fputs("loginchk: exec login failed\n",stderr);
    exit(1);
}

If you take this approach, "loginchk" should be installed owned by "bin"
with permissions 4500 (that is, setuid to bin).

An easier approach if all your users run the same shell, say /bin/sh,
is just stick:

	if [ -f /etc/nologin ] ; then
	    echo Logins are temporarily disabled.  Try again later.
	    exit 1
	fi

into /etc/profile.  For csh, change syntax appropriately and use /etc/cshrc.

*WARNING*  Before you go about doing anything like this, you should add
an escape hatch so that root can bypass this check, otherwise you can
lock the door behind you.

-- 
Chip Rosenthal                            |  You aren't some icon carved out
chip@chinacat.Unicom.COM                  |  of soap, sent down here to clean
Unicom Systems Development, 512-482-8260  |  up my reputation.  -John Hiatt