[techtalk] login restriction
Susannah D. Rosenberg
indrani at mindspring.com
Fri Jul 7 13:54:41 EST 2000
Samantha Jo Moore wrote:
>
> > Does anyone know how to restrict users on a RHL 6.0 box from being able to
> > actually login? I know this sounds strange, but hear me out. I have this
> > new mailserver up, and I want people to be able to POP to it to retrieve
> > mail, but not anything else. I had thought the way to do this was through
> > the /etc/security/access.conf, and indeed that file seems to say
> > that's what
> > it's for, yet when I add a rule to it like:
> >
> > -:username:ALL
> >
> > that user can still login. Any ideas?
>
> Yes. It's very simple. Edit the /etc/passwd file. The last field of each
> user is the program to be executed at login. It is usually /bin/sh,
> /bin/bash,
> or something of the like. If you change this for /bin/false then they won't
> be able to telnet in.
yeah, but it still leaves rlogind and telnetd flapping in the wind. can
you say "telnet to port 25", boys and girls?
gaping security flaws are /bad/.
More information about the Techtalk
mailing list