user setup question

Louis LeBlanc freebsd at keyslapper.org
Sun Mar 14 07:58:07 PST 2004


On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed:
> On Sat, 13 Mar 2004, Louis LeBlanc wrote:
> 
> > I have an odd question.
> >
> > I need to add a user to a system, but I don't want this user to be
> > able to log in from outside - meaning only from the console itself.
> >
> > I know root is set up this way, but I'm not sure how to do this.
> >
> > Any pointers?
> >
> > TIA
> > Lou
> >
> 
> see login.access file in /etc, also man 5 login.access
> 
> You can restrict the user to logging in only from the console,
> or to logging in only locally.  I suspect you really do not mean
> to restrict the user to logging in only at the console, but that
> you mean the user should be able to log in to any local terminal.

That is exactly what I'm trying to do.  I did find the login.access
file, but it didn't seem to work.

I set the user up as follows:
-:userid:ALL EXCEPT LOCAL

which I understand is the correct syntax.  Problem is how to get it to
take effect without a reboot.  The manpage doesn't say anything about
restarting or HUPing a process - like you would inetd after changing
inetd.conf.

A quick Google revealed that sshd doesn't honor the login.access by
default.  I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd,
and it seems to work fine.

Seems to me this should be cause for concern.  Why would sshd ignore
login.access by default?  Shouldn't all shell access methods honor any
form of access restriction by default?

Thanks.
Lou
-- 
Louis LeBlanc               leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     Ô¿Ô¬

Recursion n.:
  See Recursion.
    -- Random Shack Data Processing Dictionary
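
Added example, not part of the original message: a simplified Python model of how a login.access(5) table is evaluated, applied to the entry quoted above. Function names and the sample origins are constructed for illustration, and group-name matching in the users field is not modelled. It shows that the entry refuses networked origins and falls through to the default accept for a local tty, which only takes effect in a login path that actually consults the table.

```python
# Simplified model of login.access(5) matching (added illustration; group names not modelled).

def _user_match(tok, user):
    return tok.upper() == "ALL" or tok == user

def _from_match(tok, origin):
    if tok.upper() == "ALL":
        return True
    if tok.upper() == "LOCAL":          # any origin without a "." (e.g. a tty)
        return "." not in origin
    if tok.startswith("."):             # domain name: suffix match
        return origin.lower().endswith(tok.lower())
    if tok.endswith("."):               # network number: prefix match
        return origin.startswith(tok)
    return tok.lower() == origin.lower()

def _list_match(tokens, item, match_fn):
    """True if item matches the list, honouring 'A EXCEPT B'."""
    i, matched = 0, False
    while i < len(tokens) and tokens[i].upper() != "EXCEPT":
        if match_fn(tokens[i], item):
            matched = True
            break
        i += 1
    if not matched:
        return False
    while i < len(tokens) and tokens[i].upper() != "EXCEPT":
        i += 1
    if i == len(tokens):                # no EXCEPT clause
        return True
    return not _list_match(tokens[i + 1:], item, match_fn)

def login_allowed(rules, user, origin):
    """First matching entry decides; with no match the login is accepted."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (_list_match(users.split(), user, _user_match)
                and _list_match(origins.split(), origin, _from_match)):
            return perm == "+"
    return True

RULES = "-:userid:ALL EXCEPT LOCAL\n"   # the entry from the message

if __name__ == "__main__":
    for origin in ("ttyv0", "host.example.org", "192.0.2.10"):  # constructed origins
        print(origin, login_allowed(RULES, "userid", origin))
```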


More information about the freebsd-questions mailing list