[techtalk] login restriction

Aaron Malone aaron at mancala.semo.net
Fri Jul 7 16:45:02 EST 2000


On Fri, Jul 07, 2000 at 05:36:41PM -0400, Susannah D. Rosenberg wrote:
> maybe "dodgy" is a bad word. "non-extensible" and "klduge" might be
> better. it probably comes down to the fact that, personally, i don't
> like to fsck around with things like /etc/passwd if i don't have to.
> call me paranoid; for some reason, it always makes me nervous. then
> again, i like to do as little as root as humanly possible. okay, i guess
> i am paranoid. :) 
     
Well, you never have to directly touch /etc/passwd for this. man
chsh.  And I must confess I'm not really sure what you mean by
"non-extensible".  Extensibility is certainly important in protocols
and filespecs, but I just don't see it as an issue here, where all I
want to do is restrict people from logging in via telnet/ssh/ftp
(well, maybe ftp).

<shrug>

Incidentally, does the /etc/security/access.conf thing work with ssh?
I just tried disabling my access to our mail server, but it still let
me in.  I didn't spend much time on the docs, maybe I did it wrong. :)

--
Aaron Malone (aaron at semo.net)
System Administrator                "We learn from history that we learn
Poplar Bluff Internet, Inc.            nothing from history."
http://www.semo.net                          --George Bernard Shaw





More information about the Techtalk mailing list