Re: user setup question

From: Louis LeBlanc (freebsd_at_keyslapper.org)
Date: 03/14/04

  • Next message: Justin Baugh, KSC: "Pernicious problem with vfork / qmail / qmail-scanner (RESOLVED)"
    Date: Sun, 14 Mar 2004 10:58:05 -0500
    To: Lars Eighner <eighner@io.com>
    
    

    On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed:
    > On Sat, 13 Mar 2004, Louis LeBlanc wrote:
    >
    > > I have an odd question.
    > >
    > > I need to add a user to a system, but I don't want this user to be
    > > able to log in from outside - meaning only from the console itself.
    > >
    > > I know root is set up this way, but I'm not sure how to do this.
    > >
    > > Any pointers?
    > >
    > > TIA
    > > Lou
    > >
    >
    > see login.access file in /etc, also man 5 login.access
    >
    > You can restrict the user to logging in only from the console,
    > or to logging in only locally. I suspect you really do not mean
    > to restrict the user to logging in only at the console, but that
    > you mean the user should be able to log in to any local terminal.

    That is exactly what I'm trying to do. I did find the login.access
    file, but it didn't seem to work.

    I set the user up as follows:
    -:userid:ALL EXCEPT LOCAL

    which I understand is the correct syntax. Problem is how to get it to
    take effect without a reboot. The manpage doesn't say anything about
    restarting or HUPing a process - like you would inetd after changing
    inetd.conf.

    A quick Google revealed that sshd doesn't honor the login.access by
    default. I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd,
    and it seems to work fine.

    Seems to me this should be cause for concern. Why would sshd ignore
    login.access by default? Shouldn't all shell access methods honor any
    form of access restriction by default?

    Thanks.
    Lou

    -- 
    Louis LeBlanc               leblanc@keyslapper.org
    Fully Funded Hobbyist, KeySlapper Extrordinaire :)
    http://www.keyslapper.org                     Ô¿Ô¬
    Recursion n.:
      See Recursion.
        -- Random Shack Data Processing Dictionary
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
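
Added example, not part of the original message and not FreeBSD's own code: a simplified Python model of how login.access(5) evaluates a table (the first matching entry decides, and LOCAL matches any origin string without a dot), applied to the rule quoted in the message. The function names are hypothetical, and group and netgroup matching are left out.

```python
# Simplified model of login.access(5) matching; added example, not FreeBSD's own code.
# Assumptions: group names and netgroups are not handled.

def token_match(tok, item, is_origin):
    """Match one token against a user name or an origin (tty or host name)."""
    if tok == "ALL":
        return True
    if is_origin:
        if tok == "LOCAL":              # any origin string without a dot
            return "." not in item
        if tok.startswith("."):         # domain suffix, e.g. .example.org
            return item.lower().endswith(tok.lower())
        if tok.endswith("."):           # network prefix, e.g. 192.168.1.
            return item.startswith(tok)
    return tok.lower() == item.lower()

def list_match(tokens, item, is_origin):
    """'a b EXCEPT c' matches when a or b matches and the EXCEPT list does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, None
    if not any(token_match(t, item, is_origin) for t in head):
        return False
    return tail is None or not list_match(tail, item, is_origin)

def login_allowed(table, user, origin):
    """Scan top to bottom; the first matching entry decides; no match allows."""
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (list_match(users.split(), user, False)
                and list_match(origins.split(), origin, True)):
            return perm == "+"
    return True

# Constructed sample: the rule from the message above.
TABLE = "-:userid:ALL EXCEPT LOCAL\n"

if __name__ == "__main__":
    for origin in ("ttyv0", "host.example.org", "192.0.2.10"):
        print(origin, login_allowed(TABLE, "userid", origin))
```

The model only describes how a program that consults login.access would decide; it says nothing about which login paths actually read the file.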
    
