[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Login restrictions in NIS environment



try:

+:root:192.168.0.2
-:root:ALL EXCEPT LOCAL

Alternatively, since the rules are on a 'first match wins' basis you
could set all of your allowed accesses first ( with + signs).  At the
end of the file, you can put:

-:ALL:ALL

which will deny everyone else.

--James Cooley



Richard Hobbs wrote:

>Hello,
>
>OK, I have now made the following changes:
>
>
>1. Put the system back to how it was before I started all this.
>
>
>2. Add the following line into "/etc/pam.d/system-auth":
>     account    required     /lib/security/pam_access.so
>
>
>3. Add the following line into "/etc/security/access.conf":
>     -:ALL EXCEPT rhobbs nbaker root:ALL EXCEPT LOCAL
>
>
>It now works perfectly! Everyone is banned from remotely logging into the
>system except rhobbs, nbaker and root!
>
>I need to make one more change though... And it doesn't seem to work. I need
>to ban root from logging in remotely except from certain IP addresses.
>
>I have tried the following, but it does not allow root to login even from
>that IP address:
>
>     -:ALL EXCEPT rhobbs nbaker root 192 168 0 2:ALL EXCEPT LOCAL
>
>I have also tried using the hostname, and hostname.domain.co.uk instead of
>the IP address, but root still cannot log in from that host.
>
>Do you know how I can ban everyone from logging in remotely, except for a
>few users, and how I can ban root from logging in from any machine except
>particular ones?
>
>Thanks again, this is incredibly useful and massively appreciated :-)
>
>Richard.
>
>  
>


-- 
--
James Cooley
Sr. Systems Analyst
Information Technology
Florida Tech
321-674-7999
jcooley it fit edu



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]