This script creates a file of user names in a column format called /tmp/usr.input. The usr.input file can be used with the spacs_cntrl command. Once you are comfortable using Login Control, you can uncomment the spacs_cntrl command in this script. This file is in /usr/lpp/ssp/samples.
#!/usr/lpp/ssp/perl/bin/perl
######################################################
# Description:
#
# This sample script will build a file of users from the /etc/passwd
# file to input to spacs_cntrl.
#
# The following items should be checked and possibly changed to conform
# to the policy at your site.
#
# 1) uid threshold to start adding users to the file. Should be large
# enough to prevent system users such as root, adm, bin, lpd, etc.
# from being added to the file for spacs_cntrl. The arbitrary value
# used is 125.
#
# 2) flags for spacs_cntrl. The logging flag is issued to
# allow you to follow the actions of spacs_cntrl. You may wish to
# remove this flag once you are familiar with running spacs_cntrl.
# The -s flag suppresses error messages which are logged when -l is
# issued.
#######################################################
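# Settings.
# NOTE(review): "use strict", Fcntl and sysopen need Perl 5; confirm that the
# interpreter named on the shebang line provides them. "use warnings" is left
# out only because it needs Perl 5.6 or later; add it if it is available.
use strict;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $usrfile  = "/tmp/usr.input";    # list of user names handed to spacs_cntrl
my $uidstart = 125;                 # lowest uid that is written to the list
my $allokay  = 0;                   # exit status: success
my $syserror = 2;                   # exit status: failure

# Create the usr.input file.
#
# The name is fixed and lives in /tmp, which any local user can write to.
# A plain open(">$usrfile") would follow a symbolic link planted under that
# name, or would reuse a file that another user created and still owns and
# can edit before spacs_cntrl reads it. Removing whatever is there and then
# creating the file with O_CREAT|O_EXCL makes the open fail instead of
# following a link or adopting someone else's file. Mode 0644 keeps the list
# readable but never group- or world-writable.
# NOTE(review): this matters most if the script is run with root authority,
# which is presumably the case when it feeds spacs_cntrl - confirm.
unlink($usrfile);
unless ( sysopen(USRFILE, $usrfile, O_WRONLY | O_CREAT | O_EXCL, 0644) ) {
    print "block_usr: Cannot open usr.input file.\n";
    print "block_usr: $usrfile: $!\n";
    exit($syserror);
}

# Write every name with a uid of $uidstart or above into the file, one name
# per line, and count the names so the emptiness check below does not have to
# look at the path again.
my $written = 0;
while ( my ($uname, undef, $uid) = getpwent ) {
    next if $uid < $uidstart;
    unless ( print(USRFILE $uname, "\n") ) {
        print "block_usr: Cannot write $usrfile: $!\n";
        exit($syserror);
    }
    $written++;
}
endpwent;

# Buffered write errors (for example a full file system) only show up at
# close, and a truncated list would leave users unblocked without notice.
unless ( close(USRFILE) ) {
    print "block_usr: Cannot write $usrfile: $!\n";
    exit($syserror);
}

# Make sure the file has entries.
if ( $written == 0 ) {
    print "block_usr: No entries in $usrfile. Not executing spacs_cntrl.\n";
    exit($syserror);
}

# Uncomment the following for this script to automatically run the
# spacs_cntrl command and block the users in the file. The list form of
# system() runs the command directly, without passing the line to a shell.
#system("/usr/lpp/ssp/bin/spacs_cntrl", "-s", "-l", "-f", $usrfile, "block");
#my $rc = $?;
#if ( $rc != 0 ) {
#    $rc = ($rc >> 8);
#    print "block_usr: Possible error from spacs_cntrl. Return code = $rc\n";
#    exit($rc);
#}
exit($allokay);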