Old 03-22-2005, 02:33 PM   #1
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
Allowing/Denying login by group

We are using an LDAP database to store user and group accounts. Currently any user in the database can log in to any server. We have one server that hosts sensitive data and only certain users should be able to access it. I would like to create a group in LDAP and allow only members of that group login privileges to that server. I tried using /etc/login.access to achieve this, but even with the only line "-:ALL:ALL", anyone in LDAP can successfully log in to the system. Any suggestions?
Old 03-22-2005, 03:05 PM   #2
Registered: Dec 2004
Location: Ohio
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
I was hoping to resolve this with an answer that involved PAM... however, this is not the case.

PAM seems to be the mythical documentation beast. We know it exists, but hell, it's a pain to work magic with it. Hopefully, another veteran can find some insight in that area.

In any event, assuming sshd is your form of remote terminal access, you can just specify AllowGroups in your sshd_config file.

AllowGroups takes a list of groups that are allowed to log in, and all others will be denied access.

So assuming 'getent group' is working on your system, this should do fine.
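
Added example, not part of any post in this thread: a pre-flight check that reads the AllowGroups entries from an sshd_config and confirms each group resolves through `getent group`, since a group that does not resolve cannot admit anyone. The group names, file contents and the `GROUP_LOOKUP` override are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for AllowGroups.
# Group names, file contents and GROUP_LOOKUP are constructed/assumed here.

# Print the groups named by AllowGroups in the global part of an sshd_config.
# Keywords are case-insensitive; parsing stops at the first Match block.
allowed_groups() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Resolve each group through NSS (getent group unless GROUP_LOOKUP is set).
# Prints "ok <group> <members>", "pattern <glob>" or "MISSING <group>";
# returns 1 if any named group does not resolve.
check_allowgroups() {
    rc=0
    while read -r g; do
        [ -n "$g" ] || continue
        # AllowGroups accepts wildcard patterns; those cannot be looked up by name.
        case $g in *[*?]*) echo "pattern $g"; continue ;; esac
        if entry=$(${GROUP_LOOKUP:-getent group} "$g") && [ -n "$entry" ]; then
            echo "ok $g ${entry##*:}"      # last field of a group entry = member list
        else
            echo "MISSING $g"; rc=1
        fi
    done <<EOF
$(allowed_groups "$1")
EOF
    return $rc
}

# Constructed sample data so the check runs offline.
sample_dir=$(mktemp -d)
cat > "$sample_dir/sshd_config" <<'EOF'
# constructed fragment
PermitRootLogin no
allowgroups sensitive-data wheel
AllowGroups ldap-admins
Match Address 10.0.0.0/8
    AllowGroups contractors
EOF
printf '%s\n' 'wheel:x:10:root' 'sensitive-data:*:5001:alice,bob' > "$sample_dir/groups"
# Stand-in for `getent group <name>`, reading the constructed file above.
constructed_lookup() { awk -F: -v g="$1" '$1 == g' "$sample_dir/groups"; }

GROUP_LOOKUP=constructed_lookup
check_allowgroups "$sample_dir/sshd_config" || echo "resolve MISSING groups before reloading sshd"
```

On a real host, unset `GROUP_LOOKUP` and pass the live sshd_config path; the member list printed by `getent group` does not include users who hold the group only as their primary group.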
Old 03-22-2005, 04:14 PM   #3
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Original Poster
Rep: Reputation: 30
Yeah, that's the only thing I can do (restrict ssh access). Considering the server is locked in the server root, it should actually be quite secure. What if the server weren't physically secure though? There has to be some way to do this.

