Securing Systems (Tasks)
This chapter describes the procedures for securing systems in the Solaris environment.
This is a list of the step-by-step instructions in this chapter.
For overview information about securing systems, see "System Security".
Displaying User Login Information
This section describes how to display user login information.
How to Display a User's Login Status
Display a user's login status by using the logins command.
# logins -x -l username
-x
Displays an extended set of login status information.
-l username
Displays the login status for the specified user. username is a user's login name. Multiple login names must be specified in a comma-separated list.
The logins command uses the local /etc/passwd file and the name service password databases (if any) to obtain a user's login status. For more information, see the logins(1M) man page.
Example--Displaying a User's Login Status
In the following example, the login status for the user rimmer is displayed.
# logins -x -l rimmer
rimmer          500     staff           10      Arnold J. Rimmer
                        /export/home/rimmer
                        /bin/sh
                        PS 010170 10 7 -1
rimmer | Identifies the user's login name. |
500 | Identifies the user ID (UID). |
staff | Identifies the user's primary group. |
10 | Identifies the group ID (GID). |
Arnold J. Rimmer | Identifies the comment. |
/export/home/rimmer | Identifies the user's home directory. |
/bin/sh | Identifies the login shell. |
PS 010170 10 7 -1 | Specifies the password aging information:
|
How to Display Users Without Passwords
You should make sure that all users have a valid password.
Become superuser or assume an equivalent role.
Display all users who have no passwords by using the logins command.
# logins -p
The -p option displays a list of users with no passwords. The logins command uses the local /etc/passwd file and the name service password databases to obtain a user's login status.
Example--Displaying Users Without Passwords
The following example shows that the user pmorph does not have a password.
# logins -p
pmorph          501     other           1       Polly Morph
#
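The same check can be run against copies of the local files, for example when auditing a system image where the logins command is not available. The following is an added example, not part of the original guide and not the logins implementation: it reports accounts whose password field in a shadow-format file is empty. The function names, the CONSTRUCTEDHASH placeholder, the svcacct account and the sample files are constructed for illustration, and name service password databases are not consulted.

```shell
#!/bin/sh
# Added example: list local accounts with an empty password field,
# in the column order of `logins -p` (login, UID, group, GID, comment).

# Usage: no_password_accounts PASSWD_FILE SHADOW_FILE GROUP_FILE
no_password_accounts() {
    awk -F: '
        # 1st input (shadow): remember logins whose password field is empty.
        FILENAME == ARGV[1] { if ($2 == "") nopw[$1] = 1; next }
        # 2nd input (group): map GID to group name.
        FILENAME == ARGV[2] { gname[$3] = $1; next }
        # 3rd input (passwd): print the flagged accounts.
        ($1 in nopw) {
            g = ($4 in gname) ? gname[$4] : "?"
            printf "%s %s %s %s %s\n", $1, $3, g, $4, $5
        }
    ' "$2" "$3" "$1"
}

# Constructed sample files (not from a real system), written to directory $1.
# svcacct is locked (*LK*), which is not the same as having no password.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
rimmer:x:500:10:Arnold J. Rimmer:/export/home/rimmer:/bin/sh
pmorph:x:501:1:Polly Morph:/export/home/pmorph:/bin/sh
svcacct:x:502:1:Constructed locked account:/:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTEDHASH:12000::::::
rimmer:CONSTRUCTEDHASH:12000::::::
pmorph::12000::::::
svcacct:*LK*:12000::::::
EOF
    cat > "$1/group" <<'EOF'
other::1:
staff::10:
EOF
}

# Stand-alone run on the sample files.
dir=$(mktemp -d) && write_sample_files "$dir"
no_password_accounts "$dir/passwd" "$dir/shadow" "$dir/group"
rm -rf "$dir"
```

On the sample files only pmorph is reported; the locked account and the accounts with a password hash are not.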
Temporarily Disabling User Logins
You can temporarily disable user logins by doing either of the following:
Creating the /etc/nologin file.
Bringing the system to run level 0 (single-user mode). For information on bringing the system to single-user mode, see "Shutting Down a System (Tasks)" in System Administration Guide: Basic Administration.
Creating the /etc/nologin File
Create this file to disallow user logins and notify users when a system will be unavailable for an extended period of time because of a system shutdown or routine maintenance.
If a user attempts to log in to a system where this file exists, the contents of the nologin file are displayed, and the user login is terminated. Superuser logins are not affected. For more information, see the nologin(4) man page.