Date: Fri, 4 Jan 2002 16:00:04 +0300
From: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>
To: Michael Lucas <mwlucas@blackhelicopters.org>
Cc: =?ISO-8859-1?B?5M3J1NLJyiDwz8TLz9LZ1M/X?= <podkorytov@mail.ru>, freebsd-security@FreeBSD.ORG
Subject: Re[2]: nologin hole?
Message-ID: <48581238076.20020104160004@internethelp.ru>
In-Reply-To: <20020104074349.A5042@blackhelicopters.org>
References: <E16MLol-000FEJ-00@f8.mail.ru> <20020104074349.A5042@blackhelicopters.org>

Hello Michael,

Friday, January 04, 2002, 3:43:49 PM, you wrote:

ML> Hello,

ML> I would recommend not using nologin as the users' shell. Instead,
ML> take a look at /etc/login.access.

ML> This makes the shell irrelevant; the user cannot log in, in any shell.

ML> Generally, my sysadmins are in a "sysadmin" group. The "sysadmin"
ML> group is allowed to log in from anywhere. All other users are denied
ML> login.

ML> There's an article on this in my column archives, if you want a
ML> point-by-point walkthrough.

ML> Good luck!

ML> ==ml

The problem is that some versions of SSH do not pay any attention to
the /etc/login.access file, so you may still have a need for /sbin/nologin.

;-------------------------------------------
; NKritsky
; SysAdmin InternetHelp.Ru
; http://www.internethelp.ru
; mailto:nkritsky@internethelp.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
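
Added example, not part of the original e-mail: a shell function that lists the accounts which only /etc/login.access keeps out, that is, accounts outside the "sysadmin" group whose shell would still accept a login if sshd ignored that file. It assumes passwd(5) and group(5) file layouts; the function names and the sample accounts are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): report accounts that are kept out only
# by login.access. The "sysadmin" group name is from the quoted message; the
# sample accounts below are constructed.

# audit_shells PASSWD_FILE GROUP_FILE [ADMIN_GROUP]
# Prints login names outside ADMIN_GROUP whose shell still permits a login.
audit_shells() {
    awk -F: -v admin="${3:-sysadmin}" '
        # group(5) file: record the admin gid and the listed members.
        FILENAME == ARGV[1] {
            if ($1 == admin) {
                admin_gid = $3
                n = split($4, members, ",")
                for (i = 1; i <= n; i++) is_admin[members[i]] = 1
            }
            next
        }
        # passwd(5) file: skip comments and malformed lines.
        /^#/ || NF < 7 { next }
        {
            if (($1 in is_admin) || (admin_gid != "" && $4 == admin_gid)) next
            # nologin refuses the session even if sshd ignores login.access.
            if ($NF ~ /\/nologin$/) next
            # An empty shell field means /bin/sh, so it is reported too.
            print $1
        }
    ' "$2" "$1"
}

# Constructed sample data, written to a temporary directory and audited.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
wheel:*:0:root
sysadmin:*:1000:alice
EOF
    cat > "$dir/passwd" <<'EOF'
alice:*:1001:1001:Admin by membership:/home/alice:/bin/sh
bob:*:1002:1000:Admin by primary gid:/home/bob:/bin/csh
carol:*:1003:1003:Mail-only user:/home/carol:/sbin/nologin
dave:*:1004:1004:Forgotten account:/home/dave:/bin/sh
erin:*:1005:1005:Empty shell field:/home/erin:
EOF
    audit_shells "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}
demo
```

Every name it prints is a candidate for /sbin/nologin as a second barrier alongside login.access.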