Date: Sun, 14 Mar 2004 10:58:05 -0500
From: Louis LeBlanc <freebsd@keyslapper.org>
To: Lars Eighner <eighner@io.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: user setup question
Message-ID: <20040314155805.GB49058@keyslapper.org>
In-Reply-To: <20040313162259.W74681@goodwill.io.com>
References: <20040313180447.GA25158@keyslapper.org> <20040313162259.W74681@goodwill.io.com>

On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed:
> On Sat, 13 Mar 2004, Louis LeBlanc wrote:
>
> > I have an odd question.
> >
> > I need to add a user to a system, but I don't want this user to be
> > able to log in from outside - meaning only from the console itself.
> >
> > I know root is set up this way, but I'm not sure how to do this.
> >
> > Any pointers?
> >
> > TIA
> > Lou
> >
>
> see login.access file in /etc, also man 5 login.access
>
> You can restrict the user to logging in only from the console,
> or to logging in only locally.  I suspect you really do not mean
> to restrict the user to logging in only at the console, but that
> you mean the user should be able to log in to any local terminal.

That is exactly what I'm trying to do.  I did find the login.access
file, but it didn't seem to work.  I set the user up as follows:

-:userid:ALL EXCEPT LOCAL

which I understand is the correct syntax.  Problem is how to get it to
take effect without a reboot.  The manpage doesn't say anything about
restarting or HUPing a process - like you would inetd after changing
inetd.conf.

A quick Google revealed that sshd doesn't honor the login.access by
default.  I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd,
and it seems to work fine.

Seems to me this should be cause for concern.  Why would sshd ignore
login.access by default?  Shouldn't all shell access methods honor any
form of access restriction by default?

Thanks.
Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Recursion n.:
  See Recursion.
    -- Random Shack Data Processing Dictionary
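
How the `-:userid:ALL EXCEPT LOCAL` entry from the message evaluates, as an added example (not part of the original e-mail and not FreeBSD's own code). It assumes the login.access(5) rules that the first matching entry decides, that a login matching no entry is allowed, and that LOCAL matches any origin string without a "."; the function names and sample origins are constructed, and only literal names, ALL, LOCAL and EXCEPT are handled.

```python
# Added example: minimal evaluator for login.access(5)-style entries.
# Assumption/simplification: tokens are matched literally, plus ALL, LOCAL
# and EXCEPT; netgroups, group names and domain/network patterns are omitted.

def _match_list(tokens, item, match_token):
    """Match item against a token list, honouring 'A EXCEPT B'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_match_list(tokens[:i], item, match_token)
                and not _match_list(tokens[i + 1:], item, match_token))
    return any(match_token(t, item) for t in tokens)

def _user_match(token, user):
    return token == "ALL" or token == user

def _origin_match(token, origin):
    if token == "ALL":
        return True
    if token == "LOCAL":
        # LOCAL: any origin string that does not contain a "." character
        return "." not in origin
    return token.lower() == origin.lower()

def login_allowed(rules_text, user, origin):
    """First matching entry decides; no matching entry means allowed."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3:
            continue  # skip malformed lines in this sketch
        perm, users, origins = fields
        if (_match_list(users.split(), user, _user_match)
                and _match_list(origins.split(), origin, _origin_match)):
            return perm == "+"
    return True

RULES = "-:userid:ALL EXCEPT LOCAL\n"  # the entry quoted in the message

if __name__ == "__main__":
    # Constructed origins: a console tty name and a remote host name.
    for origin in ("ttyv0", "remote.example.org"):
        print(origin, login_allowed(RULES, "userid", origin))
```

The evaluator shows only what the entry means; as the message reports, it has an effect only for login paths that actually consult the file.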