From owner-freebsd-questions  Wed Jul 19 19:36:44 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from Kitten.mcs.net (Kitten.mcs.com [192.160.127.90])
	by hub.freebsd.org (Postfix) with ESMTP id D63EF37B9A3
	for <questions@FreeBSD.ORG>; Wed, 19 Jul 2000 19:36:41 -0700 (PDT)
	(envelope-from spikeman@myself.com)
Received: from myself.com (spikeman@nemean.spikeman.net [204.137.229.4])
	by Kitten.mcs.net (8.9.3/8.9.3) with ESMTP id VAA24473;
	Wed, 19 Jul 2000 21:36:37 -0500 (CDT)
	(envelope-from spikeman@myself.com)
Message-ID: <397665E0.B5905F40@myself.com>
Date: Wed, 19 Jul 2000 21:37:20 -0500
From: Spikeman <spikeman@myself.com>
Organization: SDN - http://www.spikeman.net
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: David Daugherty <doc@wcug.wwu.edu>
Cc: questions@FreeBSD.ORG
Subject: Re: login.access
References: <Pine.LNX.3.96.1000719191536.11768A-100000@sloth>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well you could make those users shells you dont want being
able to access the shell by making their shell to something that
will just exit them out of the system. you would have to add that
shell take to /etc/shells ... I have one that just echos "you are not
allowed shell access" and then exits them out..

David Daugherty wrote:

> I'm trying to block all users with the exception of 2 from ssh'ing to my
> system and gaining shell access. So, in the login.access I have:
> +:root davidd:ALL
> +:ALL:console
> -:ALL:ALL
>
> This is not working because I'm still able to ssh into the box with
> usernames not listed above. Does anyone see anything wrong with the rules
> above?
>
> Of course root is already denied access through ssh. Just need to be able
> to log in as root at the console.
>
> David
> Software Engineer - NetManage
> Work email: david.daugherty@netmanage.com
> Home email: doc@wcug.wwu.edu
> ICQ 21106703
> Washington State Resident
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
     ___
    /\  \ phase two of global domination in operation, hide all lions.
   /::\  \
  /:/\:\  \ Comments or Questions email spikeman@myself.com
 _\:\~\:\  \
/\ \:\ \:\__\ Spikeman      spikeman@myself.com
\:\ \:\ \/__/    http://www.spikeman.net
 \:\ \:\__\    Find Me On EFNET /whois Spikeman
  \:\/:/  /
   \::/  /      Friends are lights in winter;
    \/__/ The older the friend, the brighter the light.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message