[techtalk] login restriction

Susannah D. Rosenberg indrani at mindspring.com
Fri Jul 7 17:36:41 EST 2000


Aaron Malone wrote:
> 
> On Fri, Jul 07, 2000 at 05:10:21PM -0400, Susannah D. Rosenberg wrote:
> > yeah, but it's still a slightly dodgy way of doing it, imho. the
> > etc/security/access.conf thing is probably a better way of doing it, or
> > putting people into a group that has restricted access.
> 
> Just out of curiosity, could you give some justification for the above
> statements?  I'm just wondering what your reasoning is here. :)

maybe "dodgy" is a bad word. "non-extensible" and "klduge" might be
better. it probably comes down to the fact that, personally, i don't
like to fsck around with things like /etc/passwd if i don't have to.
call me paranoid; for some reason, it always makes me nervous. then
again, i like to do as little as root as humanly possible. okay, i guess
i am paranoid. :)

i also remember once when a main server at work went down, for some
reason prompting the sysadmin to set everyone /bin/false, being totally
unable to start up X-Windows (server, not client programs hosted on said
downed server), nor being able to access anything in my home directory
(which was NFS mounted, so very likely not caused by /bin/false). i'm
not entirely sure why this happened, but call it bad experience trauma.
:)





More information about the Techtalk mailing list