[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

restrict remote logins

To: misc@openbsd.org
Subject: restrict remote logins
From: ktb <xyf@nixnotes.org>
Date: Sat, 19 Apr 2003 16:54:49 -0500
Content-Disposition: inline
Mail-Followup-To: misc@openbsd.org
User-Agent: Mutt/1.3.28i

I have a few user accounts I would like to restrict from all remote
login but allow them to login via console or su.  I've read though the
man-pages of "login" and "login.conf."  I tried replicating the "default"
section in /etc/login.conf, adding ":ignorenologin:\" using the "users" 
group and then a single user like so -

kbrede:\
        :ignorenologin:\
        :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
        :umask=022:\
        :datasize-max=256M:\
    	<snip>
and 

users:\
        :ignorenologin:\
        :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
        :umask=022:\
        :datasize-max=256M:\
	<snip>

I then created an empty /etc/nologin file.  The short of it is with this
setup nobody can log in remotely.

Am I doing something wrong here or completely missing the boat?
Thanks,
kent

-- 
To know the truth is to distort the Universe.
                      Alfred N. Whitehead (adaptation)

Prev by Date: Re: Darpa now denies it...
Next by Date: Re: string cleanup results
Prev by thread: Re: Darpa now denies it...
Next by thread: spender@grsecurity.net: Re: PowerPC W^X
Index(es):
- Date
- Thread