Login restrictions in NIS environment
James Cooley
jcooley at fit.edu
Wed Jun 8 19:25:32 UTC 2005
try:
+:root:192.168.0.2
-:root:ALL EXCEPT LOCAL
Alternatively, since the rules are on a 'first match wins' basis you
could set all of your allowed accesses first ( with + signs). At the
end of the file, you can put:
-:ALL:ALL
which will deny everyone else.
--James Cooley
Richard Hobbs wrote:
>Hello,
>
>OK, I have now made the following changes:
>
>
>1. Put the system back to how it was before I started all this.
>
>
>2. Add the following line into "/etc/pam.d/system-auth":
> account required /lib/security/pam_access.so
>
>
>3. Add the following line into "/etc/security/access.conf":
> -:ALL EXCEPT rhobbs nbaker root:ALL EXCEPT LOCAL
>
>
>It now works perfectly! Everyone is banned from remotely logging into the
>system except rhobbs, nbaker and root!
>
>I need to make one more change though... And it doesn't seem to work. I need
>to ban root from logging in remotely except from certain IP addresses.
>
>I have tried the following, but it does not allow root to login even from
>that IP address:
>
> -:ALL EXCEPT rhobbs nbaker root at 192.168.0.2:ALL EXCEPT LOCAL
>
>I have also tried using the hostname, and hostname.domain.co.uk instead of
>the IP address, but root still cannot log in from that host.
>
>Do you know how I can ban everyone from logging in remotely, except for a
>few users, and how I can ban root from logging in from any machine except
>particular ones?
>
>Thanks again, this is incredibly useful and massively appreciated :-)
>
>Richard.
>
>
>
--
--
James Cooley
Sr. Systems Analyst
Information Technology
Florida Tech
321-674-7999
jcooley at it.fit.edu
More information about the redhat-list
mailing list