LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 09-17-2012, 09:41 AM   #1
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
Login's Access restrictions - wrong examples in the config file?


I have recently been playing with Slackware's 14.0 RC4 /etc/login.access file, which is designed to determinate who can log on where. The default file has lots of (commented) examples.

The examples suggest that the following line:
Code:
-:myuser:console
should disable console logins for the user "myuser", but it does not happen. I can still logon with "myuser" in the ttys after loading this rule.

Is it that the rule is obsolete, or just that I have misunderstood it? I have found BSD documentation supporting this syntax, but it seemed outdated...

The config file works as expected when the ttys are defined one by one:

-:myuser:/dev/tty1 /dev/tty2
 
Old 09-17-2012, 11:29 AM   #2
jamesf
Member
 
Registered: Dec 2004
Location: USA
Distribution: Slackware 12 and higher
Posts: 229

Rep: Reputation: 51
You're probably encountering the difference between the Linux concept of the "console" and the tty devices.

Sorry, I'm at work and don't have time to go into more detail, but googling "linux console device" and/or "linux console tty" should give you a start.
 
Old 09-17-2012, 01:11 PM   #3
eternauta2001
LQ Newbie
 
Registered: Dec 2008
Distribution: Slackware Linux 13.1
Posts: 18

Rep: Reputation: 7
Other option

A command to lock an user account is

Code:
# passwd -l myuser
For unlock:

Code:
# passwd -u myuser
 
Old 09-17-2012, 01:44 PM   #4
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Original Poster
Rep: Reputation: 82
Quote:
Originally Posted by jamesf
You're probably encountering the difference between the Linux concept of the "console" and the tty devices.
That's the first thing I thought -I mean, do the "console" word include the local ttys? The information I gathered from the Internet before posting made me believe that the "console" location should have sufficed to lock the access of "myuser" from the tty of a regular desktop computer. It's evident that I was wrong.

eternauta2001
, nice suggestion, but I don't want to lock the account. I would rather set a fake shell for the user (in fact, you can type 'echo "You are a looser. Fsck off!" > /etc/nologin' and it will be more fun :-D ) My objective here is to determinate how does login.access manage the "console" location and why it does not prevent people from login locally.

Last edited by unSpawn; 09-17-2012 at 06:56 PM. Reason: //u/s/ ;-p
 
Old 09-18-2012, 10:46 AM   #5
jamesf
Member
 
Registered: Dec 2004
Location: USA
Distribution: Slackware 12 and higher
Posts: 229

Rep: Reputation: 51
Try the boot option "console=/dev/tty1" after setting up -:myuser:console That should set the linux console concept to /dev/tty1, and login attempts there should then run afoul of your rule. For extra fun you ought to be able to log in on /dev/tty2.

The console is a separate concept, and can be local, remote, serial, etc.
 
Old 09-18-2012, 11:49 AM   #6
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Original Poster
Rep: Reputation: 82
Quote:
Try the boot option "console=/dev/tty1" after setting up -:myuser:console
Nice try, but it didn't work :-) I just passed console=/dev/tty1 to Lilo and logged in as myuser in tty1, disobeying the rule.

Is there a way to set the "console" variable with a live kernel running?
 
Old 09-19-2012, 01:36 PM   #7
jamesf
Member
 
Registered: Dec 2004
Location: USA
Distribution: Slackware 12 and higher
Posts: 229

Rep: Reputation: 51
You're beyond me with that one. Sorry.
 
Old 09-19-2012, 02:00 PM   #8
AlleyTrotter
Member
 
Registered: Jun 2002
Location: Coal Township PA
Distribution: Slackware64-14.1 (3.18.0) UEFI enabled
Posts: 360

Rep: Reputation: 77
# The third field should be a list of one or more tty names

it does not mention console

john
 
Old 09-19-2012, 02:05 PM   #9
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Original Poster
Rep: Reputation: 82
Quote:
it does not mention console
But the examples given in the config file do.
 
Old 09-19-2012, 02:16 PM   #10
AlleyTrotter
Member
 
Registered: Jun 2002
Location: Coal Township PA
Distribution: Slackware64-14.1 (3.18.0) UEFI enabled
Posts: 360

Rep: Reputation: 77
so what is it
you say you are logging in from tty
but you are trying to restrict console

WTF
 
Old 09-19-2012, 02:21 PM   #11
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Original Poster
Rep: Reputation: 82
It is just that I supposed that "console" would include the virtual consoles, when it seems it doesn't :-)
 
Old 09-20-2012, 06:27 AM   #12
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 755

Rep: Reputation: 227Reputation: 227Reputation: 227
The correct console= usage is just the device name not the full path

So "console=tty1" would work

Now for some weirdness

According to the docs on the kernel console should default to tty0 which should be the first tty (ALT+F1) however testing here shows that the first tty is actually tty1 (ALT+F1)

Now back to what you want to achieve according to the man page there are 2 more options you can use on that line ALL or LOCAL

So this should produce the result that you seem to be looking for :-
-:myuser:LOCAL

Assuming that the man page is any good.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: ETC where the config files lurk, examples with grub LXer Syndicated Linux News 0 11-05-2011 03:21 AM
Cant access php.ini file, is there some cPanel restrictions? condoace Linux - Newbie 1 02-28-2010 11:33 AM
using pam to override file access restrictions gearoid_murphy Linux - General 7 08-26-2009 04:43 AM
cant conect to w2k shutting down ipchains works whats wrong with config file ? dewcansam Linux - Networking 2 10-27-2006 06:59 AM
Strange file access restrictions in kernel-headers directory zero79 Debian 3 04-30-2004 11:17 PM


All times are GMT -5. The time now is 07:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration