How to restrict hosts for certain users?


Post by Oliver Lot » Tue, 20 Nov 2001 23:06:12



Hello,

I wonder if there is an easy and secure way to disable logins for certain
users on specific Solaris hosts.
Placing an /etc/nologin will block our administration accounts (not root) as
well.

Thanks, in advance.

--
Oliver Lotz
EPOS GmBH

 
 
 


Post by Rune Kristian Vik » Tue, 20 Nov 2001 23:23:57



> i wonder if there is an easy and secure way to disable logins for certain
> users on specific solaris-hosts.
> Placing an /etc/nologin will block our administration accounts (not root) as
> well.

Create a nologin shell, and set the user's shell to that.

If you are talking about users over NIS, create a specific group all those
users belong to, and give that group a nologin shell.

--
Rune Kristian Viken

 
 
 


Post by Oliver Lot » Tue, 20 Nov 2001 23:56:12


I am talking about users over NIS. How can I define a shell for a group?
Do you mean Unix group (/etc/group) or netgroup (NIS)?

Regards,
Oliver





> > i wonder if there is an easy and secure way to disable logins for certain
> > users on specific solaris-hosts.
> > Placing an /etc/nologin will block our administration accounts (not root) as
> > well.

> Create a nologin shell, and set the users shell to that.

> If you are talking about users over NIS, create a specific group all those
> users belong to, and give that group a nologin shell.

> --
> Rune Kristian Viken

 
 
 


Post by Rune Kristian Vik » Wed, 21 Nov 2001 00:06:49



>> Create a nologin shell, and set the users shell to that.
>> If you are talking about users over NIS, create a specific group all those
>> users belong to, and give that group a nologin shell.
> I am talking about users over NIS. How can i define a shell for group?
> Do you mean Unix-group (/etc/group) or netgroup (NIS)?

First off, I want to say that I've never done this on Solaris, but you
could try:

Create a netgroup containing those that SHOULD NOT have access.  Then
add to /etc/passwd:

where /usr/local/bin/noaccess is your nologin-shell, with an optional
"you do not have access here" message.

From what I've googled up right now, it seems to be the way to do it
under Solaris too. :)

--
Rune Kristian Viken

 
 
 


Post by Nick Bachman » Wed, 21 Nov 2001 07:57:50




>>>Create a nologin shell, and set the users shell to that.
>>>If you are talking about users over NIS, create a specific group all those
>>>users belong to, and give that group a nologin shell.

>>I am talking about users over NIS. How can i define a shell for group?
>>Do you mean Unix-group (/etc/group) or netgroup (NIS)?

> First off, I want to say that I've never done this on Solaris, but you
> could try:

> Create a netgroup containing those that SHOULD NOT have access.  Then
> add to /etc/passwd:


> where /usr/local/bin/noaccess is your nologin-shell, with an optional
> "you do not have access here" message.

Wouldn't the ANSI way be to set the shell to /bin/false?

> From what I've googled up right now, it seems to be the way to do it
> under solaris too. :)

--
         Regards,
         N
-----------------------------------
Nicholas Bachmann

http://hermie.freeshell.org
"To Boldly Go Where Angels Fear To Tread"
     -From the Infocom Game "Stationfall"
-----------------------------------
 
 
 


Post by Rune Kristian Vik » Wed, 21 Nov 2001 16:52:05




>> [SNIP] Then add to /etc/passwd:

>> where /usr/local/bin/noaccess is your nologin-shell, with an optional
>> "you do not have access here" message.
> Wouldn't the ANSI way be to set the shell to /bin/false?

I don't know.

Personally I _prefer_ to give some kind of error message to the already
authenticated user that "sorry, you do not have access here", instead
of just disconnecting him.  For example, giving the reasons why the user
does not have access to that particular machine, or whatever.

--
Rune Kristian Viken

 
 
 


Post by Doug Freyubrg » Thu, 22 Nov 2001 05:04:26



> Create a netgroup containing those that SHOULD NOT have access.  Then
> add to /etc/passwd:



Actually, the NIS netgroup database allows you to make an arbitrary mapping of
user accounts to netgroups.  These groups are distinct from GID groups.  You
build a list of user-to-machine mappings for each set of users you find
interesting, and then add the names of those netgroups to the /etc/passwd file
of the machines in question.  Leave out a netgroup, and those users do not have
accounts on that machine.  No need to play the above game of changing shells.
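
The two approaches discussed in this thread (overriding the shell for a netgroup, and importing only selected netgroups) can be compared with a small model. This is an added example, not code from any poster: it assumes `passwd: compat` in /etc/nsswitch.conf and first-match handling of `+`/`-` lines, and every user, netgroup and passwd line in it is constructed.

```python
# Simplified model of passwd "compat" lookup: the first matching +/- line wins.
# All users, netgroups and passwd lines below are constructed for illustration.
NETGROUPS = {"admins": {"alice"}, "devs": {"bob", "carol"}, "blocked": {"carol"}}
NIS_PASSWD = {  # user -> (home, shell) as served by the NIS passwd map
    "alice": ("/home/alice", "/bin/ksh"),
    "bob": ("/home/bob", "/bin/ksh"),
    "carol": ("/home/carol", "/bin/ksh"),
    "dave": ("/home/dave", "/bin/ksh"),
}
NOACCESS = "/usr/local/bin/noaccess"  # path named in the thread


def matches(selector, user):
    """'' means every NIS user, '@grp' a netgroup's members, 'name' one user."""
    if selector == "":
        return True
    if selector.startswith("@"):
        return user in NETGROUPS.get(selector[1:], set())
    return selector == user


def lookup(passwd_lines, user):
    """Return (home, shell) this host would use for an NIS user, or None."""
    if user not in NIS_PASSWD:
        return None
    for line in passwd_lines:
        if not line or line[0] not in "+-":
            continue  # local accounts such as root are out of scope here
        fields = (line[1:].split(":") + [""] * 7)[:7]
        if not matches(fields[0], user):
            continue
        if line[0] == "-":
            return None  # explicitly excluded on this host
        home, shell = NIS_PASSWD[user]
        return (fields[5] or home, fields[6] or shell)  # non-empty fields override
    return None  # never imported, so no account on this host


# Shell override: everyone is imported, "blocked" members get the noaccess shell.
OVERRIDE_HOST = ["root:x:0:0::/:/sbin/sh", "+@blocked::::::" + NOACCESS, "+"]
# Selective import: only the listed netgroups have accounts at all.
SELECTIVE_HOST = ["root:x:0:0::/:/sbin/sh", "-@blocked", "+@admins", "+@devs"]
```

Order matters in this model: a bare `+` placed above the override line would give members of `blocked` their normal shell.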
 
 
 
