LinuxQuestions.org
Old 06-21-2007, 06:01 PM   #1
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Rep: Reputation: 30
disable or enable a user from login


How to disable or enable a user from login with both ssh and serial port?

Do I do
passwd -l user
passwd -u user?
 
Old 06-21-2007, 06:28 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by powah
How to disable or enable a user from login with both ssh and serial port?

Do I do
passwd -l user
passwd -u user?

did you try those commands?? did they work?? another approach would be to simply change the account's shell to /usr/sbin/nologin or something like that, by editing /etc/passwd...

Last edited by win32sux; 06-21-2007 at 06:32 PM.
 
Old 06-21-2007, 07:44 PM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
So you want to limit where certain users or group(s) of users can login from, rather than lock out their account.

For ssh, you can use AllowUsers or AllowGroups to explicitly determine who is allowed to login via ssh. Using AllowUsers user1 will only allow user1 to log in and will deny all other users, including system users who are targets of brute force attacks.

Suppose you only want root to be able to login to tty1.

You can control that with an /etc/security/access.conf entry.
-:ALL EXCEPT root:tty1

This file is well commented. If yours isn't, then look in man 5 access.conf and man pam_access.
 
Old 06-21-2007, 09:00 PM   #4
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by jschiwal
So you want to limit where certain users or group(s) of users can login from, rather than lock out their account.

What is the difference between disabling users from login and locking out their account?
 
Old 06-22-2007, 06:05 AM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
You can prevent a normal user from logging in on certain terminals. They will still be able to log in on other terminals. For example, you asked about a serial terminal. Maybe you only want a member of an admin group to be allowed to login to that terminal. Suppose that you only want three particular users to be able to use ssh. They might be the people who administer the server and need to do so remotely. Adding their names to the AllowUsers entry will deny ssh logins under any other account. You still want a normal user to be able to login normally.

I just reviewed the manpage for the "passwd" command. I should have used the term "lock" instead of disable. The root user can lock an account using the passwd command. That user will not be able to login. Your query seemed to me to be about limiting logins on certain terminals and on restricting who can use ssh to login. In other words, about controlling access rather than denying it completely.

Last edited by jschiwal; 06-22-2007 at 06:09 AM.
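
The three controls named in this thread (passwd -l, a nologin shell, sshd's AllowUsers), checked for one account by a small shell script. This is an added example, not part of any post above; the function names and the sample shadow, passwd and sshd_config contents are constructed, and AllowUsers is matched on plain user names only (no patterns, no Match blocks).

```shell
#!/bin/sh
# Report how the thread's three controls apply to one account.
# Paths are arguments so the checks can run on copies; on a live host they are
# /etc/shadow (root-readable only), /etc/passwd and /etc/ssh/sshd_config.

# "locked" when the hash field starts with '!', which is what passwd -l writes.
password_state() {  # usage: password_state SHADOW_FILE USER
    awk -F: -v u="$2" '$1 == u {
        print (($2 ~ /^!/) ? "locked" : (($2 == "*") ? "no-password" : "set")); f = 1 }
        END { if (!f) print "unknown-user" }' "$1"
}

# "nologin" when the login shell in field 7 is .../nologin or .../false.
shell_state() {  # usage: shell_state PASSWD_FILE USER
    awk -F: -v u="$2" '$1 == u {
        print (($7 ~ /\/(nologin|false)$/) ? "nologin" : "interactive"); f = 1 }
        END { if (!f) print "unknown-user" }' "$1"
}

# Once any AllowUsers line exists, sshd denies every user not listed on one.
ssh_state() {  # usage: ssh_state SSHD_CONFIG USER
    awk -v u="$2" 'tolower($1) == "allowusers" {
        seen = 1; for (i = 2; i <= NF; i++) if ($i == u) ok = 1 }
        END { print (!seen ? "no-allowusers-limit" : (ok ? "allowed" : "denied")) }' "$1"
}

audit() {  # usage: audit DIR USER
    echo "password=$(password_state "$1/shadow" "$2") shell=$(shell_state "$1/passwd" "$2") ssh=$(ssh_state "$1/sshd_config" "$2")"
}

# Constructed sample files (not from a real host): bob has been locked with
# passwd -l, svc has a nologin shell, and only alice is listed in AllowUsers.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alice:$6$salt$hash:19000:0:99999:7:::' \
        'bob:!$6$salt$hash:19000:0:99999:7:::' 'svc:*:19000::::::' > "$d/shadow"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'svc:x:1002:1002::/home/svc:/usr/sbin/nologin' > "$d/passwd"
    printf '%s\n' '# constructed sshd_config fragment' 'AllowUsers alice' > "$d/sshd_config"
    echo "$d"
}

dir=$(make_sample)
for user in alice bob svc; do echo "$user: $(audit "$dir" "$user")"; done
rm -rf "$dir"
```

The three columns are reported separately because the settings are independent: a locked password field only blocks password authentication, and the shadow-utils passwd(1) manual notes that other authentication tokens such as an SSH key are unaffected by it.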
All times are GMT -5. The time now is 07:14 PM.