Date: Wed, 4 Oct 2000 14:41:26 -0500
From: Dan Nelson
To: "Dan Mahoney, System Admin"
Cc: questions@FreeBSD.ORG
Subject: Re: Securing SU
Message-ID: <20001004144126.A7295@dan.emsphone.com>

In the last episode (Oct 04), Dan Mahoney, System Admin said:
> After searching the archives for "su and telnet" and reading about
> 250 entries on how you can't telnet as root, man ttys for how to
> change this....
>
> My question is different (thank god)...
>
> I was wondering if there was a way to configure su so that it would
> disallow a user access if they're telnetted in. (but, say, allow
> them if they have sshed in).

That's just about impossible. You /could/ have your program try and
trace its process parentage back to one that was spawned from sshd,
but that wouldn't work for screen sessions, since the front and back
halves communicate between fifos, and they could have been started on
different machines.

--
Dan Nelson
dnelson@emsphone.com
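
The ancestry walk the reply describes, as an added example that is not part of the original message: a POSIX sh function that follows parent PIDs until it reaches sshd or telnetd. The function names, the return labels and the sample process table are constructed for illustration; the reparented screen backend (PID 300) is the case the reply says defeats the check.

```sh
#!/bin/sh
# Added example (not from the original thread): decide which daemon a process
# descends from by walking parent PIDs, the approach the reply describes.

# Constructed sample process table (pid ppid comm), written to file $1.
# PID 300 is a screen backend that was detached and later reattached, so it
# has been reparented to init and its original login daemon is not visible.
write_sample_table() {
    cat > "$1" <<'EOF'
1 0 init
210 1 sshd
400 210 sshd
401 400 sh
450 401 su
220 1 inetd
500 220 telnetd
501 500 login
502 501 sh
503 502 su
300 1 screen
301 300 sh
302 301 su
EOF
}

# login_origin PID [TABLE_FILE] -> prints "ssh", "telnet" or "unknown".
# Without TABLE_FILE the live table is read with POSIX ps options.
login_origin() {
    if [ -n "$2" ]; then cat "$2"; else ps -A -o pid= -o ppid= -o comm=; fi |
    awk -v start="$1" '
        { ppid[$1] = $2; comm[$1] = $3 }
        END {
            pid = start
            # Cap the walk so a malformed table with a cycle cannot loop forever.
            for (hops = 0; hops < 64 && (pid in ppid); hops++) {
                name = comm[pid]
                sub(/^.*\//, "", name)          # drop any path prefix
                if (name ~ /^sshd/)    { print "ssh"; exit }
                if (name ~ /telnetd$/) { print "telnet"; exit }
                pid = ppid[pid]
            }
            print "unknown"
        }'
}
```

On the sample table, the su under the screen backend resolves to "unknown", so a policy built on this walk has to choose between denying every screen user and allowing sessions whose origin it cannot see.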