From owner-freebsd-questions Wed Jul 19 22:43: 2 2000 Delivered-To: freebsd-questions@freebsd.org Received: from wcug.wwu.edu (sloth.wcug.wwu.edu [140.160.164.200]) by hub.freebsd.org (Postfix) with SMTP id B267A37BA78 for ; Wed, 19 Jul 2000 22:42:59 -0700 (PDT) (envelope-from doc@wcug.wwu.edu) Received: (qmail 14169 invoked by uid 1074); 20 Jul 2000 05:42:58 -0000 Date: Wed, 19 Jul 2000 22:42:58 -0700 (PDT) From: David Daugherty X-Sender: doc@sloth To: Spikeman Cc: questions@FreeBSD.ORG Subject: Re: login.access In-Reply-To: <397665E0.B5905F40@myself.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This worked. Although I couldn't get it to cooperated unless I deleted and re-added the user account with a nologin shell. David Software Engineer - NetManage Work email: david.daugherty@netmanage.com Home email: doc@wcug.wwu.edu ICQ 21106703 Washington State Resident On Wed, 19 Jul 2000, Spikeman wrote: > Well you could make those users shells you dont want being > able to access the shell by making their shell to something that > will just exit them out of the system. you would have to add that > shell take to /etc/shells ... I have one that just echos "you are not > allowed shell access" and then exits them out.. > > David Daugherty wrote: > > > I'm trying to block all users with the exception of 2 from ssh'ing to my > > system and gaining shell access. So, in the login.access I have: > > +:root davidd:ALL > > +:ALL:console > > -:ALL:ALL > > > > This is not working because I'm still able to ssh into the box with > > usernames not listed above. Does anyone see anything wrong with the rules > > above? > > > > Of course root is already denied access through ssh. Just need to be able > > to log in as root at the console. > > > > David > > Software Engineer - NetManage > > Work email: david.daugherty@netmanage.com > > Home email: doc@wcug.wwu.edu > > ICQ 21106703 > > Washington State Resident > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > -- > ___ > /\ \ phase two of global domination in operation, hide all lions. > /::\ \ > /:/\:\ \ Comments or Questions email spikeman@myself.com > _\:\~\:\ \ > /\ \:\ \:\__\ Spikeman spikeman@myself.com > \:\ \:\ \/__/ http://www.spikeman.net > \:\ \:\__\ Find Me On EFNET /whois Spikeman > \:\/:/ / > \::/ / Friends are lights in winter; > \/__/ The older the friend, the brighter the light. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message