LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page is my pam_time.so broken or am I using it incorrectly (to restrict http access) ?
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-26-2013, 07:08 PM   #1
max.b
Member
 
Registered: Feb 2013
Distribution: Debian 11, GNOME
Posts: 100

Rep: Reputation: 5
is my pam_time.so broken or am I using it incorrectly (to restrict http access) ?

I've read that PAM can be used to restrict HTTP access for some users, but I can't figure out how to do it in Ubuntu 12.04.

The `/etc/security/time.conf` man page contains this example:

Quote:
All users except for root are denied access to console-login at all times:

Code:
login ; tty* & !ttyp* ; !root ; !Al0000-2400
For this to work, `/etc/pam.d/login` needs to have a line

Code:
   account    requisite  pam_time.so
This example works, and I tried to adapt it to limit HTTP access from the console. I added
Code:
    http ; tty* & !ttyp* ; !root ; !Al0000-2400 # will fix "time" later
to `/etc/security/time.conf`, and created `/etc/pam.d/http` with

Code:
   account    requisite  pam_time.so
This doesn't work. I can still use `wget` as non-root from the console.
 
Old 02-27-2013, 01:09 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by max.b View Post
is my pam_time.so broken or am I using it incorrectly (to restrict http access) ?
The latter I'm afraid.


Quote:
Originally Posted by max.b View Post
I've read that PAM can be used to restrict HTTP access for some users
Where did you read that?


Quote:
Originally Posted by max.b View Post
I tried to adapt it to limit HTTP access from the console. (..) This doesn't work. I can still use `wget` as non-root from the console.
PAM stacks are tied to system services and applications that involve authentication, require root privileges or need other user management. There's ways to do what you want from using PAM consolehelper to combining the iptables time and owner modules to whatever-modifying cron jobs but some suggestions may not apply. Please describe in detail what you want to do and if this applies to only 'wget' or also related / equivalent tools and if it applies to a single, a group or all users.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict http api calls linux1986 Linux - Security 12 05-10-2012 07:20 AM
pam_time pbwalker Linux - Security 5 10-20-2010 10:31 AM
Restrict Access to an HTTP Server and Allow the Site to be Accessible through HTTPS Hi_This_is_Dev Linux - Server 1 12-16-2009 06:53 AM
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 08:40 AM
PAM problem with module pam_time.so giacomolg Linux - Security 1 11-27-2004 07:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:32 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration