Summary: Prevent users from logging onto servers

From: Anchi Zhang (anchi@starbase.neosoft.com)
Date: Thu Sep 01 1994 - 05:46:20 CDT


Many thanks to the following who responded:

sozoa@atmel.com (Steve Ozoa)
barmar@netcom.com (Barry Margolin)
Jim Murray <jjm@jjm.com>
james mularadelis <jamesm@matrix.newpaltz.edu>
Jesse Adam <jaa@geog.GEOG.UCSB.EDU>
"Henry Katz" <hkatz@lehman.com>
"Reggie Beavers" <vjq09r4@shoes.Bell-Atl.Com>
bern@penthesilea.Uni-Trier.DE (Jochen Bern)
J.H.N.Chin@reading.ac.uk
Claus Assmann <ca@informatik.uni-kiel.d400.de>
B.King@ee.surrey.ac.uk
brobbins@Newbridge.COM (Bert Robbins)
nolfb@jcdbs.2000.disa.mil (Bill Nolf - Logicon)

An abbreviated version of the original question:

  Does there exist a simple way to prevent ordinary users from logging
  onto NFS/DB servers in an NIS environment?

Most suggested to replace +:*:0:0::: with +:*:0:0:::/bin/false
in servers' /etc/passwd and some recommended using netgroup to restrict
logins. I prefer the first solution because, once it is set up, nothing
has to be changed when users are added/deleted.

For it to work on Solaris 2:3 machines, however, the line

  passwd: files nis

in /etc/nsswitch.conf must be replaced by

  passwd: files compact

Anchi

anchi@starbase.neosoft.com
(713) 270-1727 Home
(713) 853-5464 Office



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:08 CDT