LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 03-22-2005, 02:33 PM   #1
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
Allowing/Denying login by group


We are using an LDAP database to store user and group accounts. Currently any user in the database can login to any server. We have one server that hosts sensitive data and only certain users should be able to access it. I would like to create a group in LDAP, and allow only members of that group, login privileges to that server. I tried using /etc/login.access to achieve this, but even with the only line "-:ALL:ALL", anyone in LDAP can successfully login to the system. Any suggestions?
 
Old 03-22-2005, 03:05 PM   #2
cylix
Member
 
Registered: Dec 2004
Location: Ohio
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
I was hoping to resolve this with an answer that involved pam... however this not the case.

pam seems to be the mythical documentation beast. We know it exists, but hell it's a pain to work magic with it. Hopefully, another veteran can find some insight in that area.

In any event, assumming sshd is your form of remote terminal access, you can just specify AllowGroups in your sshd_config file.

AllowGroups takes a list of groups that are allowed to login and all others will be denied access.

So assumming 'getent group' is working on your system this should do fine.
 
Old 03-22-2005, 04:14 PM   #3
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Original Poster
Rep: Reputation: 30
Yeah, that's the only thing I can do(restrict ssh access). Considering the server is locked in the server root, it should actually be quite secure. What if the server weren't physically secure though? There has to be some way to do this.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
safe guarding your system by not allowing anyone to login as root abhis_mail2002 Fedora 6 05-14-2006 03:58 AM
VSFTPD refusing login/denying cause anon only gonus Linux - Networking 3 10-09-2005 09:22 PM
not allowing me to login as other users madamson Solaris / OpenSolaris 7 10-07-2005 06:49 AM
Disabling group login-s vasillalov Linux - Security 2 07-14-2004 07:49 PM
Denying remote root login with SuSE 7.1 midnightcommander Linux - Networking 2 07-08-2001 07:51 PM


All times are GMT -5. The time now is 02:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration