SUMMARY : Avoid some users login when using NIS+

From: Gilberto Araujo Ventura - Support Analyst (
Date: Mon Jun 17 1996 - 09:07:16 CDT

SUMMARY: Avoid some users login when using NIS+

Gilberto asked:

Is it possible to deny access to some user in some machine that is part of a network using NIS+ ?

Many thanks to : (Cecil Pang)
Alex Dumitru <> (Niall O Broin - Gray Wizard)
Martin Espinoza <> (Carlo Musante)
Mark Bergman <>
chang@sngns1.CV.Com (Chang Keng Seng) (Keene)

Some Answers:

Cecil Wrote:
This is not the best way but will work and if you find a better one let
me know.

Just put in local machine /etc/passwd the same user on NIS+ but with a
locked password (e.g. put a * in the password field). since your
/etc/nsswitch.conf look at local file first then you user you do not
want will be lock out.

Carlo Musante Wrote:
We used group permissions on /bin/csh.

chmod 550 /bin/csh
chgrp allowed_users /bin/csh

Anyone not in the allowed_users group can not run /bin/csh and are logged out.
If you wish to stop ftp modify /usr/sbin/in.ftpd in the same way.

Ease of implimentation is dependant on the number of groups and users.

Chang Keng Seng Wrote:

You need to setup netgroup in NIS+ and do the following:

1. Edit /etc/passwd and /etc/shadow to include


2. Edit /etc/nsswitch.conf to include

        passwd: compat
        passwd_compat: nisplus

where netgroupname is the list of users you allows to login this particular



Gilberto Araujo Ventura
System Engineer - Technical Support
Dedalus Sistemas
Sao Paulo - Brazil

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:01 CDT