Date: Sat, 27 Dec 2003 20:47:34 +0000 From: Jez Hancock <jez.hancock@munk.nu> To: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> Cc: freebsd-questions@freebsd.org Subject: Re: setting login.conf doesn't limit my users Message-ID: <20031227204734.GB32347@users.munk.nu> In-Reply-To: <441xqqs26m.fsf@be-well.ilk.org> References: <20031227030246.A14316-100000@bugs.elitsat.net> <441xqqs26m.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 27, 2003 at 10:36:17AM -0500, Lowell Gilbert wrote: > Alexander <amour@bugs.elitsat.net> writes: > > > after setting a new login classes in login.conf the users still don't get > > limited and worse - they can change the limits by themselves ! > > > > How do I restrict that ? > > > > I'm using FreeBSD 4.9-STABLE. Most of the users are using bash. They > > are in the login class that should put them the limits and I ran cap_mkdb > > /etc/login.conf after adding the new class. The users login via sshd. > > > > P.S. The FBSD handbook and the login.conf manpage doesn't help much. They > > only say that I should put the limits I want in login.conf and everything > > should be done. Do I miss something ? > > Well, for one thing sshd(8) doesn't use login(1) by default, > so login.conf won't affect it at all. You can change that > in login.conf(5), but doing so may have other consequences > (I haven't had enough coffee today to remember what they > could be; maybe checking mailing list archives would help). I don't think this is true - whether or not login is called is dependent on the shell set for each user - I may be wrong though :P. All I *do* know is that I use sshd to login regularly and the login capabilities I set in /etc/login.conf do take effect ok. To the OP - it may help if you paste in the contents of your login caps file /etc/login.conf or detail exactly what it is you're trying to cap/restrict. -- Jez Hancock - System Administrator / PHP Developer http://munk.nu/ http://jez.hancock-family.com/ - personal weblog http://ipfwstats.sf.net/ - ipfw peruser traffic logging
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031227204734.GB32347>