How to Disable OS Users Using Selang
search cancel

How to Disable OS Users Using Selang

book

Article ID: 370451

calendar_today

Updated On:

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

There is a need to disable a set of OS users, is it possible to script it through an selang command?

Environment

Privileged Identity Manager 12.8
PAM Server Control 14.x

Resolution

Using selang, there are two options in the chu/chxu/eu/exu commands which an administrator could use to disable users from logging into a server.

The first option would be the suspend option, which suspends the user within PIM/PAMSC. The user would still be able to login should the endpoint daemons be stopped at the time of the login.

The second option would be to use the unix(shellprog(.....)) option, which would update the user natively and set their shell to /bin/nologin, /bin/false, or a similar shell which would prevent logins.

 

To be on the safe side, the administrator could use both options in one command, which would look like the following example.

> eu testuser suspend unix(shellprog(.....))
(localhost)
Successfully updated USER testuser
(localhost)
Unix :
======
Successfully updated USER testuser

 

To script it, the administrator could call the selang command as in the example below.

[root@linuxserver tmp]# selang -s -c "eu user1 suspend unix(shellprog(.....))"
(localhost)
Successfully updated USER user1
(localhost)
Unix :
======
Successfully updated USER user1
[root@linuxserver tmp]#

[root@linuxserver tmp]# selang -s -c "eu user2 suspend unix(shellprog(.....))"
(localhost)
Successfully updated USER user2
(localhost)
Unix :
======
Successfully updated USER user2
[root@linuxserver tmp]#

[root@linuxserver tmp]# selang -s -c "eu user3 suspend unix(shellprog(.....))"
(localhost)
Successfully updated USER user3
(localhost)
Unix :
======
Successfully updated USER user3
[root@linuxserver tmp]#

 

To enable the user at a later time, the administrator would use the selang command below.

> eu testuser suspend- unix(shellprog(.....))
(localhost)
Successfully updated USER testuser
(localhost)
Unix :
======
Successfully updated USER testuser

Additional Information

For more information about the eu/exu/chu/chxu syntax, refer to one of the following documentation links.

PIM Documentation - ch x usr Command
PAMSC Documentation - ch x usr Command

Powered by Wolken Software