From owner-freebsd-questions Wed May 9 9: 5:26 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from Thanatos.Shenton.Org (a3.ebbed1.client.atlantech.net [209.190.235.163]) by hub.freebsd.org (Postfix) with SMTP id 0B43C37B422 for ; Wed, 9 May 2001 09:05:22 -0700 (PDT) (envelope-from chris@Shenton.Org)
Received: (qmail 624 invoked by uid 1000); 9 May 2001 16:05:20 -0000
To: freebsd-questions@FreeBSD.ORG
Subject: Restrict login access if no homedir? /etc/login.access group?
From: Chris Shenton
Date: 09 May 2001 12:05:20 -0400
In-Reply-To: "Kam Salisbury"'s message of "Fri, 06 Apr 2001 12:12:02 -0000"
Message-ID: <87y9s6fqyn.fsf@thanatos.shenton.org>
Lines: 23
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I support a couple small ISPs and I use ssh to sync /etc/master.passwd
and group between the systems (instead of something like NIS).

On some critical systems (e.g., DNS, RADIUS) I don't want the normal
users' entries in /etc/master.passwd to allow them login access to the
server. For shell and www/ftp servers, I do want them to have access.

Here are a couple mechanisms to restrict this on a host-by-host mechanism
while keeping the same master.passwd file that come to mind, but I
could use some clarification:

1. Prevent login access if the user's homedir is non-existent. Is
   there a way to set this? Most systems will log you in and put you
   in "/", not what I want.

2. Put an entry in /etc/login.access like:

     -:ALL EXCEPT wheel sysadm staff shutdown sync:ALL

   to allow only users shutdown|sync and users in groups
   wheel|sysadm|staff to have login access.

Suggestions? Thanks.
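
Added example, not part of the original post and not FreeBSD's own code: a simplified Python model of how login.access(5) evaluates the entry proposed in option 2 (first matching entry wins, access is granted when nothing matches). The group member lists and the users bob, alice and carol are constructed for illustration; origin matching is reduced to ALL and exact names as an assumption.

```python
# Simplified model of login.access(5) matching: first matching entry wins,
# and access is granted when no entry matches.
RULES = "-:ALL EXCEPT wheel sysadm staff shutdown sync:ALL"  # entry from the post

# Constructed /etc/group member lists (hypothetical users).
GROUPS = {"wheel": ["root", "chris"], "sysadm": ["alice"], "staff": []}

def list_match(tokens, item, match):
    """True if item matches the list before EXCEPT and not the list after it."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, rest = tokens[:i], tokens[i + 1:]
    else:
        head, rest = tokens, None
    if not any(match(tok, item) for tok in head):
        return False
    return rest is None or not list_match(rest, item, match)

def user_match(tok, user, groups=GROUPS):
    # A token is ALL, a login name, or a group with the user explicitly listed.
    return tok == "ALL" or tok == user or user in groups.get(tok, [])

def origin_match(tok, origin):
    # Assumption: only ALL and exact names; LOCAL and patterns are omitted.
    return tok == "ALL" or tok == origin

def login_allowed(user, origin, rules=RULES):
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (list_match(users.split(), user, user_match)
                and list_match(origins.split(), origin, origin_match)):
            return perm == "+"
    return True  # no entry matched

if __name__ == "__main__":
    # carol stands for a user whose primary gid is staff but who is not
    # listed as a member on the staff line of /etc/group.
    for u in ("bob", "chris", "alice", "sync", "carol"):
        print(u, "allowed" if login_allowed(u, "ttyv0") else "denied")
```

The carol case reflects the caveat in the login.access(5) manual page that only groups in which the user is explicitly listed are matched; the primary group id is not consulted, so staff members need to appear on the group's member list for this entry to exempt them.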