Hi List, I have set all users on my network to have a shell of /bin/true to deny them console or terminal login. (Of course, root has a proper shell, as do I.) Some users only have mail or ftp access, and I'd like to deny those users GUI login too. Is that possible? If so, how? I'm using KDE 3.4 and KDM on 9.2. Cheers Dylan -- "I see your Schwartz is as big as mine" -Dark Helmet
On Wednesday 06 April 2005 23:25, Dylan wrote:
Hi List,
I have set all users on my network to have a shell of /bin/true to deny them console or terminal login. (Of course, root has a proper shell, as do I.) Some users only have mail or ftp access, and I'd like to deny those users GUI login too. Is that possible? If so, how? I'm using KDE 3.4 and KDM on 9.2.
One way is to add account required pam_access.so to /etc/pam.d/xdm (or kdm, or whichever it's using), and then add a line -:ALL EXCEPT root,myuser:ALL That will lock them out of the graphical login, while they can still use ftp and whatever other services you have
On Wednesday 06 April 2005 23:49, Anders Johansson wrote:
On Wednesday 06 April 2005 23:25, Dylan wrote:
Hi List,
I have set all users on my network to have a shell of /bin/true to deny them console or terminal login. (Of course, root has a proper shell, as do I.) Some users only have mail or ftp access, and I'd like to deny those users GUI login too. Is that possible? If so, how? I'm using KDE 3.4 and KDM on 9.2.
One way is to add
account required pam_access.so
to /etc/pam.d/xdm (or kdm, or whichever it's using), and then add a line
-:ALL EXCEPT root,myuser:ALL
missed a line. add this line to /etc/security/access.conf I meant to say
On Wednesday 06 Apr 2005 22:52 pm, Anders Johansson wrote:
On Wednesday 06 April 2005 23:49, Anders Johansson wrote:
On Wednesday 06 April 2005 23:25, Dylan wrote:
Hi List,
I have set all users on my network to have a shell of /bin/true to deny them console or terminal login. (Of course, root has a proper shell, as do I.) Some users only have mail or ftp access, and I'd like to deny those users GUI login too. Is that possible? If so, how? I'm using KDE 3.4 and KDM on 9.2.
One way is to add
account required pam_access.so
to /etc/pam.d/xdm (or kdm, or whichever it's using), and then add a line
-:ALL EXCEPT root,myuser:ALL
missed a line. add this line to /etc/security/access.conf I meant to say
Right, I'll read up on that, thanks. Now, I use NIS to distribute login info - how easy would it be to distribute that centrally? Or should I set up a group for all the disallowed users and simply bar that group on all clients? Cheers Dylan -- "I see your Schwartz is as big as mine" -Dark Helmet
participants (2)
-
Anders Johansson
-
Dylan