question: restrict access to a machine on user-basis
hello everybody, does anyone have an idea how to restrict access to a machine on user-basis? For what I have in mind, it would be desireable, that some users can access the machine only via ftp, but not via ssh, etc. thanks rüdiger
Hi Rüdiger! rüdiger erb wrote:
hello everybody,
does anyone have an idea how to restrict access to a machine on user-basis? For what I have in mind, it would be desireable, that some users can access the machine only via ftp, but not via ssh, etc.
How many different types of users do you have? If you have a group of unix users (which need ssh etc) and a group of users using linux only as a file server, you might try to authenticate against a different database. E.g. ldap or a samba-pdc for the fileservices, but not for "true" unix users, which would need a shadow entry. This is just a simple suggestion, not the general answer to your question. CU, Lars.
"Lars O. Grobe" wrote: hi lars, in fact I only have these two groups of users to manage. ldap seems an interesting suggestion, I do not know enough about ldap, but I will follow that track. thanks a lot, rüdiger **********************************
Hi Rüdiger!
rüdiger erb wrote:
hello everybody,
does anyone have an idea how to restrict access to a machine on user-basis? For what I have in mind, it would be desireable, that some users can access the machine only via ftp, but not via ssh, etc.
How many different types of users do you have? If you have a group of unix users (which need ssh etc) and a group of users using linux only as a file server, you might try to authenticate against a different database. E.g. ldap or a samba-pdc for the fileservices, but not for "true" unix users, which would need a shadow entry. This is just a simple suggestion, not the general answer to your question.
CU, Lars.
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
PAM has the answer to all your questions :-)
This is exactly what /lib/security/pam_group.so (PAM group authentication module) was designed for...
Cheers
--
Viel Spaß
Nix - nix@susesecurity.com
http://www.susesecurity.com
On Sat, 17 Nov 2001 20:29:59 +0100
rüdiger erb
"Lars O. Grobe" wrote: hi lars,
in fact I only have these two groups of users to manage. ldap seems an interesting suggestion, I do not know enough about ldap, but I will follow that track.
thanks a lot, rüdiger
**********************************
Hi Rüdiger!
rüdiger erb wrote:
hello everybody,
does anyone have an idea how to restrict access to a machine on user-basis? For what I have in mind, it would be desireable, that some users can access the machine only via ftp, but not via ssh, etc.
How many different types of users do you have? If you have a group of unix users (which need ssh etc) and a group of users using linux only as a file server, you might try to authenticate against a different database. E.g. ldap or a samba-pdc for the fileservices, but not for "true" unix users, which would need a shadow entry. This is just a simple suggestion, not the general answer to your question.
CU, Lars.
Il 16:14, sabato 17 novembre 2001, rüdiger erb ha scritto:
hello everybody,
does anyone have an idea how to restrict access to a machine on user-basis? For what I have in mind, it would be desireable, that some users can access the machine only via ftp, but not via ssh, etc.
thanks rüdiger
Use /bin/false for users who do not need shell access. Praise
participants (4)
-
Lars O. Grobe
-
Peter Nixon
-
Praise
-
rüdiger erb