
Thread: Disable ALL users LOGIN only?

  1. #1
    Join Date
    Aug 2011
    Posts
    68

    Disable ALL users LOGIN only?

    Hi, I have a question....
    Is it possible to somehow disable ALL user logins?
    What do I mean?
    If I disable A user... domain and emails from this user don't work... OK
    NOW I want to disable ALL users login....
    I mean so that no user (except admin) can log in to DA
    WHY?
    A couple of days ago my server was compromised, because somehow a password for a user was "guessed" and then somehow they tried to send 50.000+ emails via this user....
    So... because none of my users actually need (or do they?) to log in, I want to disable this...
    Is it possible??? If yes, how?
    If no, why not?

  2. #2
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Suspend all users isn't a good way?

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  3. #3
    Join Date
    Aug 2008
    Posts
    4,697
    Create file:

    /usr/local/directadmin/scripts/custom/all_post.sh

    Put in it:

    Code:
    #!/bin/sh
    
    if [ "$username" != "admin" ]; then
        echo "Directadmin is currently disabled."
        exit 0
    fi

    Then

    Code:
    chmod 750 /usr/local/directadmin/scripts/custom/all_post.sh
    chown diradmin:diradmin /usr/local/directadmin/scripts/custom/all_post.sh
    /sbin/service directadmin restart

  4. #4
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    I'm not 100% sure what you want to do. If you want to disable all logins including shell logins, and any email logins to the main usernames, then you can add an ! to the beginning of all password fields in /etc/shadow. You can script this, but be careful to save a copy for reuse in the event you make an error. Then you can restore users individually, or all at once, by simply removing those leading ! characters. Note that if anyone adds or removes a user while you're editing the file, those changes will be lost when you save your work. So I'd rename the file to something else while editing it, which will disable all logins, including root. Note: this is dangerous; be sure you know what you're doing. If you lose access to the server while the /etc/shadow file is unavailable you could lose access to your server.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  5. #5
    Join Date
    Aug 2011
    Posts
    68
    Right...
    Suspending is not an option, because HTTP pages and user emails don't work...
    I just want to prevent the user (owner of the domain) from logging in to anything..
    Though I want www pages and POP3/IMAP emails on the domain working like now...

  6. #6
    Join Date
    Aug 2011
    Posts
    68
    Quote Originally Posted by scsi View Post
    Create file:

    /usr/local/directadmin/scripts/custom/all_post.sh

    Put in it:

    Code:
    #!/bin/sh
    
    if [ "$username" != "admin" ]; then
        echo "Directadmin is currently disabled."
        exit 0
    fi

    Then

    Code:
    chmod 750 /usr/local/directadmin/scripts/custom/all_post.sh
    chown diradmin:diradmin /usr/local/directadmin/scripts/custom/all_post.sh
    /sbin/service directadmin restart

    Is this method used only for DA login, or everything?
    For instance... if a user (domain owner) wants to log in to FTP/email?

  7. #7
    Join Date
    Aug 2011
    Posts
    68
    Quote Originally Posted by nobaloney View Post
    I'm not 100% sure what you want to do. If you want to disable all logins including shell logins, and any email logins to the main usernames, then you can add an ! to the beginning of all password fields in /etc/shadow. You can script this, but be careful to save a copy for reuse in the event you make an error. Then you can restore users individually, or all at once, by simply removing those leading ! characters. Note that if anyone adds or removes a user while you're editing the file, those changes will be lost when you save your work. So I'd rename the file to something else while editing it, which will disable all logins, including root. Note: this is dangerous; be sure you know what you're doing. If you lose access to the server while the /etc/shadow file is unavailable you could lose access to your server.

    Jeff
    Have checked the file...
    Some users already have ! at the start of the password...
    Is this just coincidence?
    I think best is, like you say.... make a copy of a file.. and test for 1 user...

  8. #8
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by TestUser View Post
    Is this method used only for DA login, or everything?
    For instance... if a user (domain owner) wants to log in to FTP/email?
    Only for DirectAdmin, which is why I didn't recommend it.
    Quote Originally Posted by TestUser View Post
    Have checked the file...
    Some users already have ! at the start of the password...
    Is this just coincidence?
    Not quite. An encoded password cannot start with the ! character, so it's the common way to disable a password. And so it's the way DirectAdmin disables a password when you suspend a site. It's not the only thing DirectAdmin does, though, to disable a site, and doing it alone does not disable a site, but only the login. You could of course just change the password, but then you couldn't restore it unless you saved it previously; using the ! gives you a way to disable the password, and then re-enable it later, by removing the !. You should of course keep a list separately, of what you've disabled and why.
    I think best is, like you say.... make a copy of a file.. and test for 1 user...
    Always.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103
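
Added example, not part of any post in this thread: the /etc/shadow approach described in posts #4 and #8, written as shell functions that lock every usable password field except a keep-list, record which accounts they locked, and later unlock only those. The function names, the list file and the sample entries (fake hashes) are constructed for illustration; the functions take no lock on the file, so the warning above about concurrent user changes still applies.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the thread.

# lock_shadow FILE LISTFILE [KEEP...]
# Prefix "!" to each usable hash, except accounts named in KEEP.
lock_shadow() {
    file=$1; list=$2; shift 2
    keep=" $* "
    cp -p "$file" "$file.bak" || return 1   # untouched copy for recovery
    cp -p "$file" "$file.new" || return 1   # new file inherits owner and mode
    : > "$list"
    awk -F: -v OFS=: -v keep="$keep" -v list="$list" '
        # Skip kept accounts, empty fields, and fields already starting with ! or *
        index(keep, " " $1 " ") == 0 && $2 != "" && $2 !~ /^[!*]/ {
            $2 = "!" $2
            print $1 > list      # remember what this run locked
        }
        { print }
    ' "$file.bak" > "$file.new" || return 1
    mv "$file.new" "$file"
}

# unlock_shadow FILE LISTFILE
# Strip one leading "!" only from accounts recorded by lock_shadow.
unlock_shadow() {
    file=$1; list=$2
    cp -p "$file" "$file.new" || return 1
    awk -F: -v OFS=: -v list="$list" '
        BEGIN { while ((getline u < list) > 0) locked[u] = 1 }
        ($1 in locked) && $2 ~ /^!/ { $2 = substr($2, 2) }
        { print }
    ' "$file" > "$file.new" || return 1
    mv "$file.new" "$file"
}

# pw_field FILE USER: print USER's password field.
pw_field() { awk -F: -v u="$2" '$1 == u { print $2 }' "$1"; }

# make_sample FILE: write a constructed shadow-format file (fake hashes).
make_sample() {
    cat > "$1" <<'EOF'
root:$6$rootsalt$CONSTRUCTEDroothash:19000:0:99999:7:::
admin:$6$adminsalt$CONSTRUCTEDadminhash:19000:0:99999:7:::
alice:$6$alicesalt$CONSTRUCTEDalicehash:19000:0:99999:7:::
bob:!$6$bobsalt$CONSTRUCTEDbobhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}
```

Entries that already start with ! (bob in the sample, standing in for an account that was suspended earlier) never enter the list file, so they stay locked after unlock_shadow runs.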

  9. #9
    Join Date
    Aug 2011
    Posts
    68
    Thank you ALL!!!

  10. #10
    Join Date
    Aug 2008
    Posts
    4,697
    That way would only stop FTP and system login access. They still could get into email fine. You're best to just use a firewall to stop communication for a short period of time.
