LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-23-2004, 03:57 PM   #1
sorrodos
Member
 
Registered: Jul 2003
Location: Salt Lake City, UT and Spokane, WA
Distribution: Mandrake 10.0, Gentoo, FreeSBIE 1.0
Posts: 345

Rep: Reputation: 30
Prevent a user from logging into X?


I would guess this is a pretty easy thing to do, but I haven't had luck finding anything on it...

I need a way to prevent a user from logging into X via g/k/xdm. Can anyone tell me how to do this?
 
Old 06-23-2004, 11:04 PM   #2
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
i don't know about your computer, but with mine i use the x config program that comes with my cards drivers to select a group that are allowed to use X, (i use gentoo by the way), search thru /etc/group and you see groups for xdm and such, i think that might have something to do with what you want
 
Old 06-24-2004, 12:12 PM   #3
sorrodos
Member
 
Registered: Jul 2003
Location: Salt Lake City, UT and Spokane, WA
Distribution: Mandrake 10.0, Gentoo, FreeSBIE 1.0
Posts: 345

Original Poster
Rep: Reputation: 30
I figured out how to do this...

I set the user's default shell to /bin/false. I didn't want the user to be able to login to the system at all, but still needed a valid username/password combo for a proftp server.

The system in question uses gdm and gdm is smart enough to realize a user with a default shell of /bin/false is not supposed to login, so it prevents it.

While googling around for an answer for this, I read that xdm and kdm will allow a user with a default shell of /bin/false to login... so this will only work for gdm... but thats what I use, so its all good.

Another option to accomplish this on a Mandrake machine, or one with mdkKDM (mandrake's tweaked version of kdm) , is to prevent users from typing their names at the login screen and then hiding users that you don't want to hide. Then if you dont' want console access... throw a .bashrc file into their home dir and put a logout command in it, and then set the .bashrc to read only for the user...

Last edited by sorrodos; 06-24-2004 at 12:14 PM.
 
Old 06-24-2004, 12:49 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
I set the user's default shell to /bin/false. I didn't want the user to be able to login to the system at all, but still needed a valid username/password combo for a proftp server.
This means you just didn't ask the "right" question in the first place. If I knew your reason for wanting this I would have told you you should not use system authentication for just FTP logins. Since FTP uses cleartext authentication, isn't a flawless protocol (like some daemons), using an FTPD (like Vsftpd, Muddleftpd) that can handle separate authentication schemes cuts down the risk of people, one way or another, getting access to system authentication that way.
 
Old 06-24-2004, 01:57 PM   #5
sorrodos
Member
 
Registered: Jul 2003
Location: Salt Lake City, UT and Spokane, WA
Distribution: Mandrake 10.0, Gentoo, FreeSBIE 1.0
Posts: 345

Original Poster
Rep: Reputation: 30
unSpawn-
I did ask the "right" question in this thread. I wasn't getting any response on it, so I thought I would try to narrow the problem down a bit.

Is there a way I can change the authentication method in Proftp so its not using system authentication then? Or do I need to use a different server to accomplish that?
 
Old 06-24-2004, 07:09 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
I did ask the "right" question in this thread. I wasn't getting any response on it, so I thought I would try to narrow the problem down a bit.
Clear. If you mentioned that thread I wouldn't have written this.


Is there a way I can change the authentication method in Proftp so its not using system authentication then?
Sure. From the ProFTPD FAQ (ch. 7, user auth): Authentication methods supported: PAM, NIS, Indvidual passwd/group files for each virtual, SQL databases (etc, etc). Try PAM, check your PAM docs for pam_userdb. That's one of the basic and easy external auth methods Vsftpd uses too.
 
Old 06-26-2004, 03:30 PM   #7
xathras
LQ Newbie
 
Registered: Jun 2004
Posts: 25

Rep: Reputation: 15
I prevent access to X by not having it installed, lol
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to prevent user from using other apps!?? FreakboY Linux - Security 4 09-08-2005 04:22 AM
Apache: prevent logging certain URLs ? michaelsanford Linux - Software 1 07-22-2005 07:48 PM
How to prevent KDM from displaying the last user logged in smithtodda Suse/Novell 4 05-23-2005 07:57 PM
Prevent history logging new@linux Linux - Newbie 3 03-08-2005 11:26 PM
Prevent user from accessing the Internet koy-b Linux - Security 2 07-17-2004 12:17 PM


All times are GMT -5. The time now is 09:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration