Summary: Restricting useraccess through the network

From: Rikard Stemland Skjelsvik <rskjels_at_pogostick.net>
Date: Wed Apr 18 2001 - 04:27:41 EDT
Thanks to all who replied. I got several suggestions within an hour and
they keep coming. 

Thanks to (in no particular order) to Martin Hepworth, Mark Lewis, Jan
Johanson, Roberto Wagner, Lieven Marchand, Andrew Merrill,  Damon Cassell,
Benjamin W. Ritcey, Wolf Schaefer, Pete Simpson, Matthew Alexander, Thomas
Jones,  Ravi Kuppanna,  Konstantin Rozinov, Michael Auria, Lynette Bellini
and hall@

Most replies suggested using sudo and some variants of login-files to give
users access to the common user. One suggessted an application that i have
never heard about called GSU (There are some cvs logs at
goldschlager.ucf.ics.uci.edu:8080/cgi-bin/cvsweb.cgi/gsu/ i have not been
able to connect to this site , so i cannot speak volumes about it). A
small abstract of most replies would be:

	In order to stop user from login in directly to the application
	user account which they have the password to, you should change
	that password to a passwd  the users don't know and then through
	different schemes such as sudo, PAM or Role Based Access Control
	give the users the ability "to become" the application user.
	Lack of password will effectivly prevent users	to login as 
	the applicationuser.

These were very good suggestions that i will follow up.  Most likely i
will use Sudo.

--
Rikard
Received on Wed Apr 18 09:27:41 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:24:53 EDT