From owner-freebsd-questions  Mon Apr  6 16:43:50 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA04983
          for freebsd-questions-outgoing; Mon, 6 Apr 1998 16:43:50 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from shell.futuresouth.com (shell.futuresouth.com [207.141.254.20])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA04964
          for <freebsd-questions@FreeBSD.ORG>; Mon, 6 Apr 1998 16:43:29 -0700 (PDT)
          (envelope-from fullermd@futuresouth.com)
Received: from shell.futuresouth.com (mail.futuresouth.com [207.141.254.21])
	by shell.futuresouth.com (8.8.8/8.8.8) with SMTP id SAA13225;
	Mon, 6 Apr 1998 18:43:04 -0500 (CDT)
Date: Mon, 6 Apr 1998 18:43:03 -0500 (CDT)
From: "Matthew D. Fuller" <fullermd@futuresouth.com>
To: Val <val@hcol.net>
cc: Ross McFarland <rwmcfa1@pop.uky.edu>, freebsd-questions@FreeBSD.ORG
Subject: Re: the su command and specifing who can telnet
In-Reply-To: <Pine.BSF.3.96.980406091536.3996A-100000@ns.hcol.net>
Message-ID: <Pine.BSF.3.96.980406184123.5020O-100000@shell.futuresouth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 6 Apr 1998, Val wrote:

> On Sun, 5 Apr 1998, Ross McFarland wrote:
> 
> > 1) I've found and understand how the ftp access is controlled by a file, where and\or how can I control who can access the server by Telnet?  I have a user name for apache to run under and would like to restrict its ability to log in from any where other than the console.
> I think it's called /etc/login.access
> but on my system originally it was set up do deny login to anyone other
> from the console, so I had to put in some ips in there and now i can
> telnet from those ips.  You can also control usernames that can telnet
> into the system from there.
Yup.
You can do a lot of restrictions and openings with it.  Just play with it
a while.

> > 2) how do I allow a user to su to root.  I've tried setting group to 0(wheel) and using the log in class root, staff and everything else I can think of in every combination.  when I try it always says
> We use sudo port to let users run commands as root.
> it's one of the ports.  this way you don't need to tell them the root
> password.  Every action is logged into the /var/log/messages and there are
> some other precausions i think, like you can't delete root, etc.
> Access to sudo command is controlled by the file: sudoers.
Well, you still want to be able to su.
The users who need to su need to be listed under group wheel in
/etc/group, not just have wheel as their login group in
/etc/master.passwd.

> regards,
> Val.


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
|       FreeBSD; the way computers were meant to be       |
* "The only reason I'm burning my candle at both ends, is *
| that I haven't figured out how to light the middle yet."|
*    fullermd@futuresouth.com      :-}  MAtthew Fuller    *
|      http://keystone.westminster.edu/~fullermd          |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message