by Oliver Lot » Tue, 20 Nov 2001 23:06:12
i wonder if there is an easy and secure way to disable logins for certain
users on specific solaris-hosts.
Placing an /etc/nologin will block our administration accounts (not root) as
well.
Thanks, in advance.
--
Oliver Lotz
EPOS GmBH
by Rune Kristian Vik » Tue, 20 Nov 2001 23:23:57
If you are talking about users over NIS, create a specific group all those
users belong to, and give that group a nologin shell.
--
Rune Kristian Viken
by Oliver Lot » Tue, 20 Nov 2001 23:56:12
Regards,
Oliver
> > i wonder if there is an easy and secure way to disable logins for
certain
> > users on specific solaris-hosts.
> > Placing an /etc/nologin will block our administration accounts (not
root) as
> > well.
> Create a nologin shell, and set the users shell to that.
> If you are talking about users over NIS, create a specific group all those
> users belong to, and give that group a nologin shell.
> --
> Rune Kristian Viken
by Rune Kristian Vik » Wed, 21 Nov 2001 00:06:49
Create a netgroup containing those that SHOULD NOT have access. Then
add to /etc/passwd:
where /usr/local/bin/noaccess is your nologin-shell, with an optional
"you do not have access here" message.
From what I've googled up right now, it seems to be the way to do it
under solaris too. :)
--
Rune Kristian Viken
by Nick Bachman » Wed, 21 Nov 2001 07:57:50
>>>Create a nologin shell, and set the users shell to that.
>>>If you are talking about users over NIS, create a specific group all those
>>>users belong to, and give that group a nologin shell.
>>I am talking about users over NIS. How can i define a shell for group?
>>Do you mean Unix-group (/etc/group) or netgroup (NIS)?
> First off, I want to say that I've never done this on Solaris, but you
> could try:
> Create a netgroup containing those that SHOULD NOT have access. Then
> add to /etc/passwd:
> where /usr/local/bin/noaccess is your nologin-shell, with an optional
> "you do not have access here" message.
--Quote:> From what I've googled up right now, it seems to be the way to do it
> under solaris too. :)
by Rune Kristian Vik » Wed, 21 Nov 2001 16:52:05
Personally I _prefer_ to give some kind of errormessage to the already
authenticated user that "sorry, you do not have access here", instead
of just disconnecting him. For example, giving the reasons why the user
do not have access to that particular machine, or whatever.
--
Rune Kristian Viken
by Doug Freyubrg » Thu, 22 Nov 2001 05:04:26
> Create a netgroup containing those that SHOULD NOT have access. Then
> add to /etc/passwd:
1. SSH how to restrict remote access to certain domains or certain users ?
hi :)
i'd like to enable remote access via ssh to my private computer on the
internet.
(so far my firewall prohibits any access)
yet, i want to restrickt access to certain domains or certain users!
how do i configure that? sorry, i am fairly new to linux (suse 7.0)
do i have to add some statements to the files /etc/hosts.allow or
/etc/hosts.deny?
if yes, please tell me which statements to add :)
thank your very much for your help
cu
ingo
you may answer in english or german :-)
3. Restrict only Telnet from certain hosts
4. Help: Getting GCC to accept multiple declarations.
5. Is there anyway of restricting TCP service to certain hosts only?
7. Q: restricting user from logging in certain tty's
8. How to remove files with special characters in their names ?
9. How do I restrict SSH to certain users
10. How do I restrict site users acces to certain folders
11. restricting certain users from loggin in
12. userdir restricted to certain users- want to split one server into 2 seperate servers
13. Restrict ftp user to certain directory tree?