LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 02-26-2013, 07:08 PM   #1
max.b
LQ Newbie
 
Registered: Feb 2013
Posts: 1

Rep: Reputation: Disabled
is my pam_time.so broken or am I using it incorrectly (to restrict http access) ?


I've read that PAM can be used to restrict HTTP access for some users, but I can't figure out how to do it in Ubuntu 12.04.

The `/etc/security/time.conf` man page contains this example:

Quote:
All users except for root are denied access to console-login at all times:

Code:
login ; tty* & !ttyp* ; !root ; !Al0000-2400
For this to work, `/etc/pam.d/login` needs to have a line

Code:
   account    requisite  pam_time.so
This example works, and I tried to adapt it to limit HTTP access from the console. I added
Code:
    http ; tty* & !ttyp* ; !root ; !Al0000-2400 # will fix "time" later
to `/etc/security/time.conf`, and created `/etc/pam.d/http` with

Code:
   account    requisite  pam_time.so
This doesn't work. I can still use `wget` as non-root from the console.
 
Old 02-27-2013, 01:09 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Quote:
Originally Posted by max.b View Post
is my pam_time.so broken or am I using it incorrectly (to restrict http access) ?
The latter I'm afraid.


Quote:
Originally Posted by max.b View Post
I've read that PAM can be used to restrict HTTP access for some users
Where did you read that?


Quote:
Originally Posted by max.b View Post
I tried to adapt it to limit HTTP access from the console. (..) This doesn't work. I can still use `wget` as non-root from the console.
PAM stacks are tied to system services and applications that involve authentication, require root privileges or need other user management. There's ways to do what you want from using PAM consolehelper to combining the iptables time and owner modules to whatever-modifying cron jobs but some suggestions may not apply. Please describe in detail what you want to do and if this applies to only 'wget' or also related / equivalent tools and if it applies to a single, a group or all users.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict http api calls linux1986 Linux - Security 12 05-10-2012 07:20 AM
pam_time pbwalker Linux - Security 5 10-20-2010 10:31 AM
Restrict Access to an HTTP Server and Allow the Site to be Accessible through HTTPS Hi_This_is_Dev Linux - Server 1 12-16-2009 06:53 AM
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 08:40 AM
PAM problem with module pam_time.so giacomolg Linux - Security 1 11-27-2004 07:50 AM


All times are GMT -5. The time now is 02:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration