Hi list, SLES9 i386 sp3 pwdutils-2.6.4-2.25 I'm trying to prevent user login when no home directory, but setting 'DEFAULT_HOME no' in /etc/login.defs doesn't seem to have any affect: hvxen-0c:~ # grep DEFAULT_HOME /etc/login.defs hvxen-0c:~ # mv /home/slim/ /home/notslim agould@isis:~/ucop/notes/installion> ssh slim@hvxen-0c Password: Could not chdir to home directory /home/slim: No such file or directory slim@hvxen-0c:/> Is there a bug in pwdutils? or a missing pam config? -- -ashley Did you try poking at it with a stick?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ashley Gould schrieb:
Hi list,
SLES9 i386 sp3 pwdutils-2.6.4-2.25
I'm trying to prevent user login when no home directory, but setting 'DEFAULT_HOME no' in /etc/login.defs doesn't seem to have any affect:
hvxen-0c:~ # grep DEFAULT_HOME /etc/login.defs hvxen-0c:~ # mv /home/slim/ /home/notslim
agould@isis:~/ucop/notes/installion> ssh slim@hvxen-0c Password: Could not chdir to home directory /home/slim: No such file or directory slim@hvxen-0c:/>
Is there a bug in pwdutils? or a missing pam config?
Edit /etc/passwd and change login-shell to /bin/false (last entry in each line). This can be set to default (change default ligin-shell to /bin/false with yast). This will set this for any new added user in future. If you like to give one shell-access do give him /bin/bash as shell. Regards Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQD1AwUBRBLp+0Ng1DRVIGjBAQImuAb/VXer3jkV9Lv+emxhddKGsuxtrYJoTCae 12w874bP5mQDPANAdkH+Ao6R6VRVmXS2A8t5upDVlZJT1gAFsZIhbSuJs471U2sF Ar62d1q+e1beqE1TWR+QNSConRN/vbySy5jxxX2XyRfxHNGZ8jQ/lk0f6HSlYe8e zdV4SewCAQCGzD14C2ECUdQsJ7EDhYBhchAamq8aeqFXtC0OqF53M2YeuzUTZCtp 3i3YcQ6vN5Fu7DqRKmn6XyJztUJ6mVssJX2VgsuZi8oPOZzAzTj5NG9zyXL5XmUM olJkN6N8qmc= =e3mb -----END PGP SIGNATURE-----
Hi *, there is a pam module called /lib/security/pam_homecheck.so I guess that`s what you want. Dirk Philippe Vogel schrieb:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ashley Gould schrieb:
Hi list,
SLES9 i386 sp3 pwdutils-2.6.4-2.25
I'm trying to prevent user login when no home directory, but setting 'DEFAULT_HOME no' in /etc/login.defs doesn't seem to have any affect:
hvxen-0c:~ # grep DEFAULT_HOME /etc/login.defs hvxen-0c:~ # mv /home/slim/ /home/notslim
agould@isis:~/ucop/notes/installion> ssh slim@hvxen-0c Password: Could not chdir to home directory /home/slim: No such file or directory slim@hvxen-0c:/>
Is there a bug in pwdutils? or a missing pam config?
Edit /etc/passwd and change login-shell to /bin/false (last entry in each line). This can be set to default (change default ligin-shell to /bin/false with yast). This will set this for any new added user in future. If you like to give one shell-access do give him /bin/bash as shell.
Regards
Philippe
- -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift!
Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQD1AwUBRBLp+0Ng1DRVIGjBAQImuAb/VXer3jkV9Lv+emxhddKGsuxtrYJoTCae 12w874bP5mQDPANAdkH+Ao6R6VRVmXS2A8t5upDVlZJT1gAFsZIhbSuJs471U2sF Ar62d1q+e1beqE1TWR+QNSConRN/vbySy5jxxX2XyRfxHNGZ8jQ/lk0f6HSlYe8e zdV4SewCAQCGzD14C2ECUdQsJ7EDhYBhchAamq8aeqFXtC0OqF53M2YeuzUTZCtp 3i3YcQ6vN5Fu7DqRKmn6XyJztUJ6mVssJX2VgsuZi8oPOZzAzTj5NG9zyXL5XmUM olJkN6N8qmc= =e3mb -----END PGP SIGNATURE-----
TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl -------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: filiaap@freenet.de, suse-security@suse.com # Dateianhänge: 0
Thankyou. I inserted the line session required pam_homecheck.so into the files: /etc/pam.d/login /etc/pam.d/sshd /etc/pam.d/su all is well. Can I assume pam overrides directives in /etc/login.defs? On Sun, Mar 12, 2006 at 09:27:29AM +0100, Dirk Schreiner wrote:
Hi *,
there is a pam module called /lib/security/pam_homecheck.so I guess that`s what you want.
Dirk
Philippe Vogel schrieb:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ashley Gould schrieb:
Hi list,
SLES9 i386 sp3 pwdutils-2.6.4-2.25
I'm trying to prevent user login when no home directory, but setting 'DEFAULT_HOME no' in /etc/login.defs doesn't seem to have any affect:
hvxen-0c:~ # grep DEFAULT_HOME /etc/login.defs hvxen-0c:~ # mv /home/slim/ /home/notslim
agould@isis:~/ucop/notes/installion> ssh slim@hvxen-0c Password: Could not chdir to home directory /home/slim: No such file or directory slim@hvxen-0c:/>
Is there a bug in pwdutils? or a missing pam config?
Edit /etc/passwd and change login-shell to /bin/false (last entry in each line). This can be set to default (change default ligin-shell to /bin/false with yast). This will set this for any new added user in future. If you like to give one shell-access do give him /bin/bash as shell.
Regards
Philippe
- -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift!
Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQD1AwUBRBLp+0Ng1DRVIGjBAQImuAb/VXer3jkV9Lv+emxhddKGsuxtrYJoTCae 12w874bP5mQDPANAdkH+Ao6R6VRVmXS2A8t5upDVlZJT1gAFsZIhbSuJs471U2sF Ar62d1q+e1beqE1TWR+QNSConRN/vbySy5jxxX2XyRfxHNGZ8jQ/lk0f6HSlYe8e zdV4SewCAQCGzD14C2ECUdQsJ7EDhYBhchAamq8aeqFXtC0OqF53M2YeuzUTZCtp 3i3YcQ6vN5Fu7DqRKmn6XyJztUJ6mVssJX2VgsuZi8oPOZzAzTj5NG9zyXL5XmUM olJkN6N8qmc= =e3mb -----END PGP SIGNATURE-----
TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de
Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl -------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: filiaap@freenet.de, suse-security@suse.com # Dateianhänge: 0
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- -ashley Did you try poking at it with a stick?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Ashley Gould schrieb:
Thankyou. I inserted the line session required pam_homecheck.so
into the files: /etc/pam.d/login /etc/pam.d/sshd /etc/pam.d/su
all is well. Can I assume pam overrides directives in /etc/login.defs?
Yes! I modified this for samba acting as pdc. Keep a backup of your old config (to switch back in case of an error) and check if it works (maybe on a non-important server), before you put this on your important server. Regards Philippe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQD1AwUBRBXQA0Ng1DRVIGjBAQJQBQb7Bpq/DX9E0HMoHVEJlw3gl5nTB3YirORr 0Gx5G8LwMEPyJE/+der3/JKWsg/+oFHN1R3NyGk7znFxQIhxhbJIEu54j0z31dG2 i1A3FXTnVg4o2HdDmAd+rlgIqz5sYeD9fF8eif5JaDEK9rjWxk/dizAyxX6OG5Ct jhFtz86UFe9VlQUX2KoY7cef/xEHKyszfE1NEJnOnxibNBJ83O21oraASX75gzYT L5neUJmx63sasAKbJuZtHPeeII0sLaZusMUf9xjesCYfVHFODs8JiYBVNJbkhPAU dLAocTDprqk= =zQcc -----END PGP SIGNATURE-----
participants (3)
-
Ashley Gould
-
Dirk Schreiner
-
Philippe Vogel