Q: restricting user from logging in certain tty's

Q: restricting user from logging in certain tty's

Post by Steven Najer » Sat, 25 Jan 1997 04:00:00



Hi, all :)

I'd like to restrict a few users from logging into a specific tty.  
For example, let's say I want to prevent a user "foo" from logging into
tty02.  I know that I can add a few lines in the .kshrc file of "foo" to
do that, but I'd like to have more "user-proof" solution.  Could "login"
itself do this type of screening?  Please, help~

Big thanks in advance!

 
 
 

Q: restricting user from logging in certain tty's

Post by Jean-Pierre Radl » Sat, 25 Jan 1997 04:00:00


Steven Najera's CPU sent forth this bytestream:
| Hi, all :)
|
| I'd like to restrict a few users from logging into a specific tty.  
| For example, let's say I want to prevent a user "foo" from logging into
| tty02.  I know that I can add a few lines in the .kshrc file of "foo" to
| do that, but I'd like to have more "user-proof" solution.  Could "login"
| itself do this type of screening?  Please, help~

Do it in /etc/profile.  The users can't muck with that file.

--


 
 
 

Q: restricting user from logging in certain tty's

Post by Jeff Hyma » Sat, 25 Jan 1997 04:00:00



> Hi, all :)

> I'd like to restrict a few users from logging into a specific tty.  
> For example, let's say I want to prevent a user "foo" from logging into
> tty02.  I know that I can add a few lines in the .kshrc file of "foo" to
> do that, but I'd like to have more "user-proof" solution.  Could "login"
> itself do this type of screening?  Please, help~

> Big thanks in advance!

You could add names to where the string 'mike' is listed below as to
who _could_ login.

:
############################################################################
###        (c) 1995 Lone Star Software Corp. ALL RIGHTS RESERVED         ###
###    This script must be added to the *BEGINNING* of '/etc/profile'    ###
###           Restricts login on modem port to selected users.           ###
############################################################################
MODEM_TRAP="Y" # sh & ksh
if [ "$MODEM_TRAP" = "Y" ]
then
  trap '' 2
  Printer="lp -dlaser"  
  LOG="/tmp/modem$$"
  LOGNAME="`logname`"
  case `tty` in
       /dev/tty2A) case $LOGNAME in
                   mike) # Allow mike to login at the Modem tty2A
                         echo "=================================="  > $LOG ;
                         echo "  ***  Modem Login OK       ***"    >> $LOG ;
                         echo "==================================" >> $LOG ;
                         echo "Date: `date`"                       >> $LOG ;
                         echo "ID: $LOGNAME"                       >> $LOG ;
                         echo "TTY: `tty`"                         >> $LOG ;
                         echo "==================================" >> $LOG ;
                         cat $LOG | mail -s "Modem Login_OK" root ;
                         cat $LOG | $Printer ;                      
                         rm -f $LOG ;;
                      *) # No one else gets in.
                         echo "=================================="  > $LOG ;
                         echo "  ***  MODEM LOGIN ATTEMPT  ***"    >> $LOG ;
                         echo "==================================" >> $LOG ;
                         echo "Date: `date`"                       >> $LOG ;
                         echo "ID: $LOGNAME"                       >> $LOG ;
                         echo "TTY: `tty`"                         >> $LOG ;
                         echo "==================================" >> $LOG ;
                         cat $LOG | mail -s "MODEM_ATTEMPT" root mike ;
                         cat $LOG | $Printer ;                      
                         kill -9 $$ ;      
                         exec /bin/true ;;
               esac ;;
  esac
fi

Hope this helps,
Jeff Hyman, HBW
                                .--.
__________________________  .-. |  |  __________________________________

 Cactus International, Inc. | |_|  | | | Sales:   (800) LONE-TAR
 13987 W. Annapolis Ct.  _  |___   |_| | Support: (301) 829-1622
 Mt. Airy, MD 21771    _| ~-    |   ___| Fax:     (301) 829-1623
 Jeffrey Hyman         \,  _}   |  |     FTP:     ftp.cactus.com
 CompuServe: 74710,2627  \(     |  |     WWW:     http://www.cactus.com
------------------------------- |  | -----------------------------------
                                |  |

 
 
 

Q: restricting user from logging in certain tty's

Post by John DuBo » Tue, 28 Jan 1997 04:00:00




+Hi, all :)
+
+I'd like to restrict a few users from logging into a specific tty.  
+For example, let's say I want to prevent a user "foo" from logging into
+tty02.  I know that I can add a few lines in the .kshrc file of "foo" to
+do that, but I'd like to have more "user-proof" solution.  Could "login"
+itself do this type of screening?  Please, help~

     You could add tty02 to /etc/dialups and assign the user's shell a password
in /etc/d_passwd.  Then they (and anyone else with that shell) would need to
give the password in order to log in on that tty.  To avoid annoying anyone
else with the same shell, link the user's shell to a different name and use
that in d_passwd.
     The problem with trying to restrict users with code in .profile,
/etc/profile, etc. is that hitting the interrupt key at the right moment during
login will abort the sourcing of those files.

        John
--

 
 
 

Q: restricting user from logging in certain tty's

Post by Trever Mill » Sat, 01 Feb 1997 04:00:00



 +Hi, all :)
 +
 +I'd like to restrict a few users from logging into a specific tty.  
 +For example, let's say I want to prevent a user "foo" from logging into
 +tty02.  I know that I can add a few lines in the .kshrc file of "foo" to
 +do that, but I'd like to have more "user-proof" solution.  Could "login"
 +itself do this type of screening?  Please, help~

Go and snag tcp wrappers and then read up on the hosts_access man page.

--

Keeper of the Alberta B5 Mailing List|for 2048/0D2E3955 5F E1 D1 38 2A C9 46 53

"The stupider it looks, the more important it probably is." -- J.R. 'Bob' Dobbs

 
 
 

1. SSH how to restrict remote access to certain domains or certain users ?

hi :)

i'd like to enable remote access via ssh to my private computer on the
internet.
(so far my firewall prohibits any access)

yet, i want to restrickt access to certain domains or certain users!

how do i configure that? sorry, i am fairly new to linux (suse 7.0)

do i have to add some statements to the files /etc/hosts.allow or
/etc/hosts.deny?
if yes, please tell me which statements to add :)

thank your very much for your help

cu
ingo

you may answer in english or german :-)

2. Test/Robot for solaris

3. how do I restrict user's FTP access to certain directory only

4. signal vs sigaction

5. Need HELP to Log User Log-ins form the internet

6. a tcsh script that rename multiple files

7. How to restrict hosts for certain users?

8. eth0 slow to initialize

9. How do I restrict SSH to certain users

10. How do I restrict site users acces to certain folders

11. restricting certain users from loggin in

12. userdir restricted to certain users- want to split one server into 2 seperate servers

13. Restrict ftp user to certain directory tree?