Login's Access restrictions - wrong examples in the config file?
I have recently been playing with Slackware's 14.0 RC4 /etc/login.access file, which is designed to determine who can log on where. The default file has lots of (commented) examples.
The examples suggest that the following line:
Code:
-:myuser:console
Is it that the rule is obsolete, or just that I have misunderstood it? I have found BSD documentation supporting this syntax, but it seemed outdated...
The config file works as expected when the ttys are defined one by one:
Code:
-:myuser:/dev/tty1 /dev/tty2 |
You're probably encountering the difference between the Linux concept of the "console" and the tty devices.
Sorry, I'm at work and don't have time to go into more detail, but googling "linux console device" and/or "linux console tty" should give you a start. |
Other option
A command to lock a user account is
Code:
# passwd -l myuser
Code:
# passwd -u myuser |
eternauta2001, nice suggestion, but I don't want to lock the account. I would rather set a fake shell for the user (in fact, you can type 'echo "You are a looser. Fsck off!" > /etc/nologin' and it will be more fun :-D )
My objective here is to determine how login.access manages the "console" location and why it does not prevent people from logging in locally. |
Try the boot option "console=/dev/tty1" after setting up
-:myuser:console
That should set the linux console concept to /dev/tty1, and login attempts there should then run afoul of your rule. For extra fun you ought to be able to log in on /dev/tty2.
The console is a separate concept, and can be local, remote, serial, etc. |
Is there a way to set the "console" variable with a live kernel running? |
You're beyond me with that one. Sorry.
|
# The third field should be a list of one or more tty names
it does not mention console
john |
|
so what is it
you say you are logging in from tty but you are trying to restrict console WTF |
It is just that I supposed that "console" would include the virtual consoles, when it seems it doesn't :-)
|
The correct console= usage is just the device name, not the full path.
So "console=tty1" would work.
Now for some weirdness. According to the docs on the kernel console should default to tty0, which should be the first tty (ALT+F1); however, testing here shows that the first tty is actually tty1 (ALT+F1).
Now back to what you want to achieve: according to the man page there are 2 more options you can use on that line, ALL or LOCAL.
So this should produce the result that you seem to be looking for:
-:myuser:LOCAL
Assuming that the man page is any good. |
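Added example, not part of the thread and not the shadow suite's own code: a simplified Python model of login.access rule matching, showing why the three rules discussed above behave differently for a login on a virtual terminal. It assumes the documented login.access(5) semantics (first matching line decides, no match grants access, LOCAL matches any origin without a "."), omits group and netgroup lookups, and takes the origin string "/dev/tty1" in the form the thread reports as working.

```python
# Simplified model of login.access(5) evaluation (illustrative, assumptions above).

def list_match(tokens, item, match_one):
    """Match item against a token list, honouring the EXCEPT operator."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_match(tokens[:i], item, match_one)
                and not list_match(tokens[i + 1:], item, match_one))
    return any(match_one(tok, item) for tok in tokens)

def user_match(tok, user):
    return tok == "ALL" or tok == user      # group names omitted in this model

def origin_match(tok, origin):
    if tok == "ALL":
        return True
    if tok == "LOCAL":                      # any origin string without a dot
        return "." not in origin
    if tok.startswith("."):                 # domain suffix, e.g. .example.com
        return origin.lower().endswith(tok.lower())
    if tok.endswith("."):                   # network prefix, e.g. 192.168.
        return origin.startswith(tok)
    return tok.lower() == origin.lower()    # tty or host name: literal compare

def login_allowed(rules, user, origin):
    """Return True if the rule text would let `user` log in from `origin`."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.count(":") < 2:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (list_match(users.split(), user, user_match)
                and list_match(origins.split(), origin, origin_match)):
            return perm == "+"              # first matching line decides
    return True                             # no rule matched: access granted

if __name__ == "__main__":
    # Constructed test matrix: the three rules from the thread, one local tty.
    for rule in ("-:myuser:console",
                 "-:myuser:/dev/tty1 /dev/tty2",
                 "-:myuser:LOCAL"):
        verdict = "allowed" if login_allowed(rule, "myuser", "/dev/tty1") else "denied"
        print(f"{rule:32} myuser on /dev/tty1 -> {verdict}")
```

In this model the `console` rule never matches a virtual terminal because the origin is compared as a literal string, while `LOCAL` covers every origin without a dot.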