[techtalk] login restriction

Susannah D. Rosenberg indrani at mindspring.com
Fri Jul 7 13:52:19 EST 2000


Brian Sweeney wrote:
> 
> Hello all-
> 
> Does anyone know how to restrict users on a RHL 6.0 box from being able to
> actually login?  
> PS-If I could at least make it so that they couldn't login via telnet, THAT
> would be a big help...

edit /etc/inetd.conf (as root).
turn off rlogind and telnetd.
	(ie, comment out the lines that call rlogind and telnetd by
	putting a "#" in front of them: the results should look like this:

	# login stream  tcp     nowait  root   /usr/sbin/tcpd  in.rlogind -a

	all on one line)
then do a 'killall -HUP inetd' as root.

i assume redhat puts inetd.conf in /etc; don't know for sure, i use
suse. redhat seems to break many things.

you seem to be confusing security with network services. try reading the
inetd man page; it may help to clear up some misconceptions. access.conf
controls what /already existing/ services users can login to; inetd.conf
controls what services are actually run.

also, did you try HUP'ing inetd or what have you after you made the
changes to access.conf? it may just be that the daemons don't recognize
the configuration changes, but ultimately trimming down your inetd.conf
will be better for security, anyway. (hint: rlogind and telnetd are big
security weaknesses. properly managed sshd with good logging facilities
is a much better solution even if you do decide you must let people log
in remotely.)
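
The inetd.conf edit described in the reply above, as an added shell example that is not part of the original post: it comments out every active entry that launches the named daemons and lists the services inetd would still start. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): comment out inetd.conf entries
# that launch the named daemons, then list the services still enabled.

# disable_daemons FILE DAEMON...
# Prefix "# " to every active entry whose server program or arguments
# (field 6 onward) name one of the daemons, e.g. in.telnetd.
disable_daemons() {
    file=$1; shift
    tmp=$(mktemp) || return 1
    awk -v list="$*" '
        BEGIN { n = split(list, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { print; next }   # comments, blanks, short lines
        {
            hit = 0
            for (i = 6; i <= NF; i++) { b = $i; sub(/.*\//, "", b); if (b in want) hit = 1 }
            if (hit) print "# " $0; else print
        }' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?; rm -f "$tmp"; return "$rc"
}

# enabled_services FILE: service name (field 1) of each uncommented entry.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# write_sample FILE: constructed inetd.conf contents, not from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind -a
# shell stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
EOF
}

# Demo on a temporary copy. On a real host, run it against a copy of
# /etc/inetd.conf, review the result, install it, and then HUP inetd
# as the post describes so the daemon rereads its configuration.
sample=$(mktemp)
write_sample "$sample"
disable_daemons "$sample" in.rlogind in.telnetd
enabled_services "$sample"
rm -f "$sample"
```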




