Date: Wed, 16 Jan 2013 08:50:14 +0000 (UTC) From: Benedict Reuschling <bcr@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40649 - head/en_US.ISO8859-1/books/handbook/network-servers Message-ID: <201301160850.r0G8oFHf056204@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bcr Date: Wed Jan 16 08:50:14 2013 New Revision: 40649 URL: http://svnweb.freebsd.org/changeset/doc/40649 Log: Correct the example on how to prevent NIS users from logging in. The previous instructions did not work and this corrected version is based on a working config from a production system. Add some descriptive text, too. Submitted by: Glen Neff Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Jan 16 08:18:08 2013 (r40648) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Jan 16 08:50:14 2013 (r40649) @@ -1951,10 +1951,13 @@ nis_client_enable="YES"</programlisting> <para>There is a way to bar specific users from logging on to a machine, even if they are present in the NIS database. To do this, all you must do is add - <literal>-<replaceable>username</replaceable></literal> to the + <literal>-<replaceable>username</replaceable></literal> with + the correct number of colons like other entries to the end of the <filename>/etc/master.passwd</filename> file on the client machine, where <replaceable>username</replaceable> is the username of the user you wish to bar from logging in. + The line with the blocked user must be before the + <literal>+</literal> line for allowing NIS users. This should preferably be done using <command>vipw</command>, since <command>vipw</command> will sanity check your changes to <filename>/etc/master.passwd</filename>, as well as @@ -1964,7 +1967,7 @@ nis_client_enable="YES"</programlisting> <hostid>basie</hostid> we would:</para> <screen>basie&prompt.root; <userinput>vipw</userinput> -<userinput>[add -bill to the end, exit]</userinput> +<userinput>[add -bill::::::::: to the end, exit]</userinput> vipw: rebuilding the database... vipw: done @@ -1985,8 +1988,8 @@ uucp:*:66:66::0:0:UUCP pseudo-user:/var/ xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin +-bill::::::::: +::::::::: --bill basie&prompt.root;</screen> </sect2>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301160850.r0G8oFHf056204>