Date: Fri, 14 Jan 2000 02:46:11 -0500 (EST) From: Mike Nowlin <mike@argos.org> To: Nicholas Brawn <ncb@zip.com.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <Pine.LNX.4.05.10001140240120.32763-100000@jason.argos.org> In-Reply-To: <Pine.LNX.4.10.10001141203280.3124-100000@zipperii.zip.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi folks. I'm trying to ocnfigure my system so that I can disallow a
> particular user account from being able to login remotely, and forcing
> users to su to the account instead. How may I configure this?
Be careful of your definition of "remotely". I have several users that
need to telnet into a machine to trigger a program to run, but they're
only allowed to telnet in from certain machines on the local network, and
we don't want them triggering it from home. /etc/login.conf with a few
extra class entries can be your friend. With a bit of careful planning,
locking down certain users (or opening it up to certain users) is fairly
easy. Check the "hosts.{allow|deny}" and "ttys.{allow|deny}" entries in
the man page for login.conf.
--mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.10001140240120.32763-100000>