LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   messages should appear. (https://www.linuxquestions.org/questions/linux-security-4/messages-should-appear-38865/)

vinay_r99 12-19-2002 08:50 AM
messages should appear.
 
hi,

I want to restrick users other than root. And onces the user onces in it should appear a message saying USERS NOT ALLOWED !!! something like this..... thought PAM .. i hv restrick the users expect root ... the problem is messages are not appearing when the users try to login. can somebody help me with this .... need it Urgently.... awainting for ur valueable response.

Thanx & Rgds,
Vinay R

unSpawn 12-19-2002 12:09 PM
Do you want to deny *all* users except root to log in? Do you want to restrict all users from accessing the *root* account?

//maybe off-topic but please don't try to slur your words/sentences. makes it hard to read.

pjcp64 12-29-2002 10:09 PM
/etc/nologin
 
I haven't actually used it, but you might want to give it a try.
touch /etc/nologin
and make sure you can login as root before you actually signoff of your current session.
You will probably want to verify that other IDs cannot signon.
I don't know how this effects ftp etc...
Depending on what your goal is here, you may just want to go into single user mode by: init 1
That should restrict all logins except from the console. Other services will be
shutoff too ( ftp, ssh, oracle, etc.... ).
/etc/motd is a file that shows a message when signing on.

Oh... Don't forget to rm /etc/nologin when you done! :-)

pjcp64 12-29-2002 10:31 PM
SSH will display a banner before a user signs in.
I think wu-ftpd will also.... hmmm.... maybe not.
As for telnet, you might have to research that one.

The point being, there isn't one single place you can
place a message that affects logins for all of these
different services.

SSH and Telnet both use /etc/profile. You could place
a message in there and then boot the user out. Make
sure that there is some if...then logic to allow root to
login though.
Ftp doesn't use /etc/profile so you'd have to find a
different mechanism for it. ( or maybe just turn it off ).

vinay_r99 12-30-2002 03:23 AM
Hi,

Its working am able to get a message from nologin file. Expect root any users try to login .... they will get a message.

thanx a lot for the help.

pjcp64 12-30-2002 08:37 PM
/etc/nologin
 
How did you get the messages to work? Simply by typing it in the nologin file? I tried that but didn't have any success.

Also, did it work for telnet or ssh or both?

Thanks.

Thom

vinay_r99 12-30-2002 11:18 PM
I has restricted users through pam ... i was able to restrict users the only problem i was facing ... when users try to login via telnet messages was not appearing .... so i created a nologin file in /etc.

In nologin file i typed Unauthorised Users Probhited. thatz hw i use to get the message when users try to login.

pjcp64 12-31-2002 06:02 AM
Thanks...
 
So it appears that /etc/nologin does affect telnet with a message.
SSH would require it's own banner setup. ( it supports it ). It'll actually display the message before the user attempts logging in.
I'm not quite sure about ftp and wu-ftpd.

But anyway.... It'll looks like you've solved your problem.

Good Luck!


All times are GMT -5. The time now is 04:58 AM.