Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!milano!uudell!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.aix
Subject: Re: Invalidating Users (temporarily)
Message-ID: <19397@rpp386.cactus.org>
Date: 24 Jun 91 13:38:19 GMT
References: <1991Jun21.163259.6777@unlinfo.unl.edu>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Distribution: usa
Organization: Cheeseburger in Paradise, Le Select, St Barts., FWI
Lines: 24

In article <1991Jun21.163259.6777@unlinfo.unl.edu> james@engrss2.unl.edu (James Nau) writes:
>Does anyone know of a way to invalidate a user so that a message is
>displayed, and the user is logged off, and ftp access is disabled?
>I've tried replacing the shell with a program that prints out a
>message.  Worked great.  But that still allowed FTP access to the account.

There is a file, /etc/shells, which lists the shells which a user may
have and be granted FTP access.  The /etc/shells file was replaced by
the "shells" attribute in /etc/security/login.cfg and I suspect the
people in TCP/IP didn't get the message.

>The only alternative that I can see is to either a) change the password
>on the account, or b) mark that password in /etc/passwd to be a "*".
>Both of these will disable the account, but won't allow a message to be
>printed.

Create the file /etc/shells and add the names of the valid login shells
on separate lines.  Your program shouldn't be listed, nor should the UUCP
and other "special" commands.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh@rpp386.cactus.org
"UNIX signals are not interrupts.  Worse, SIGCHLD/SIGCLD is not even a UNIX
 signal, it's an abomination."  -- Doug Gwyn