From owner-freebsd-security Thu Aug 29 09:03:22 1996
From: Jian-Da Li
Message-Id: <199608291602.AAA27169@FreeBSD.csie.NCTU.edu.tw>
Subject: user_wrapper available for testing !!
To: freebsd-security@freebsd.org
Date: Fri, 30 Aug 1996 00:02:30 +0800 (CST)
Sender: owner-security@freebsd.org

Hi :

The user_wrapper is a user-based access control which allows each user
to have personal tcp_wrapper-like access control.

You can get it from :
ftp://freebsd.csie.nctu.edu.tw/pub/jdli/collect/user_wrapper.tgz

====== From README ========

* Related files: (mode should be set to 0600)
    ~/.hosts.allow  : allow rules
    ~/.hosts.deny   : deny rules
    ~/.refused-log  : refused log

* Keywords currently available:
    1. login : controls telnetd/rlogind or anything that uses /usr/bin/login
    2. ftpd
    3. rshd
    4. su    : who is allowed to su to your account

* Access control syntax:
    service: allow_lists #this_rule_only_applied_on_these_hosts
    su: allow_user_lists #this_rule_only_applied_on_these_hosts

  See man hosts_access (from tcp_wrapper) for rule details.

* Example:
    ~/.hosts.allow
        login: ALL #sun1,sun2     <= allow all, only if connecting to sun1,sun2
        ftpd: LOCAL
        rshd: .my.domain, 192.168.
        su: user1,user2
    ~/.hosts.deny
        su: FAIL
        ALL:ALL

* You may add these into ~/.login :
    if ( -f ~/.refused-log && ! -z ~/.refused-log) then
        /bin/cat ~/.refused-log
    endif

* Making other daemons functional is easy; take a look at each patch.
  These patches are against FreeBSD 2.2-current 8/29/1996, but they should
  also apply to other versions of FreeBSD.

* Developed by Dept. of Computer Science and Information Engineering,
  National Chiao-Tung University Taiwan, based on tcp_wrapper.
  Ported to FreeBSD by jdli@csie.nctu.edu.tw.

--
李 建 達 (Jian-Da Li)   NCTU CSIE
E-Mail : http://www.csie.nctu.edu.tw/~jdli
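
An added example, not part of the original message or of the user_wrapper code: a small Python evaluator for the rule syntax quoted from the README, including the `#hosts` suffix that limits a rule to the named server hosts. It assumes hosts_access(5) client-pattern semantics (ALL, LOCAL, leading-dot domain, trailing-dot address prefix) and tcp_wrapper's allow-then-deny order; the function names are hypothetical, and only the network-service lines of the README example are modelled.

```python
# Added example: evaluates the per-user rule syntax quoted from the README.
# Assumed (not stated in the message): hosts_access(5) pattern semantics and
# tcp_wrapper's order (allow match grants, else deny match refuses, else grant).

ALLOW = """login: ALL #sun1,sun2
ftpd: LOCAL
rshd: .my.domain, 192.168.
"""                      # network-service lines from the README example
DENY = "ALL:ALL\n"

def parse_rules(text):
    """Return (service, client_patterns, server_hosts) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        service, rest = line.split(":", 1)
        clients, _, servers = rest.partition("#")   # '#hosts' limits the rule
        rules.append((service.strip(),
                      clients.replace(",", " ").split(),
                      servers.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # host name without a dot
        return "." not in host
    if pattern.startswith("."):            # domain suffix
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # address prefix
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def rule_hits(rules, service, server, host, addr):
    """True if any rule for this service, valid on this server, matches."""
    for svc, patterns, servers in rules:
        if svc not in (service, "ALL"):
            continue
        if servers and server not in servers:   # rule not applied on this host
            continue
        if any(client_matches(p, host, addr) for p in patterns):
            return True
    return False

def allowed(allow_text, deny_text, service, server, host, addr):
    if rule_hits(parse_rules(allow_text), service, server, host, addr):
        return True
    return not rule_hits(parse_rules(deny_text), service, server, host, addr)
```

With the README's rules, a login to sun1 is accepted from anywhere, while the same login to a host not listed after `#` falls through to `ALL:ALL` in the deny file and is refused.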