LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   IP & Password Protection (https://www.linuxquestions.org/questions/linux-security-4/ip-and-password-protection-18153/)

karunesh 04-10-2002 12:12 AM

IP & Password Protection
 
Hi,

I just want to know "Is it possible to restrict a file access on basis of IP in Linux ?.That is can I restrict some IPs not to access particular file and at the same time other can access it.

Another thing I want to know "Is it possible to password protect a file in Linux ?".

Please let me know.

:Pengy:

unSpawn 04-10-2002 02:46 AM

How are you serving these files? Please elaborate.

Btw, there was a thread in one of the other forums here where they mentioned adding the file to a separate passwd'ed group, so ppl have to change to that group to access the file. Under PAM this could prolly have access restrictions by IP as well. Haven't tried it tho.

russell 04-10-2002 05:32 AM

IP & Password Protection
 
Hi unSpawn and Karunesh,


This is an exciting issue, only if "unSpawn's" guess could prolly be true.

Karunesh must be talking of files on the linux filesystem. I can never imagine that this could be done.

I'm looking forward for more details from unSpawn on how he can use PAM to do this.

Others can come up with suggestions too.

Thanks,
Russell.

karunesh 04-10-2002 05:44 AM

Clear the Things
 
UnSpawn,

Please let me know how the things working through PAM.
And if you have any link which describe all that " Protecting Linux files by IP and Password",then please post it here.

:Pengy:

unSpawn 04-10-2002 03:57 PM

Like I said before this is kinda hearsay, haven't tried it myself, but I guesstimate it'll go like this:
Add group and passwd, add users as member to group, mkdir dir and chown dir to group.
Now users that are member of group can chgrp to it. For using PAM /etc/security/access.conf could provide coverage denying by host, but if you got much users (also dyn. IP's) this will be very cumbersome, better deny by username. There's a PAM module that can read usernames from a file (like ftpusers), maybe add that to the PAM stack when users do chgrp.

Plz read some docu before shooting yourself in one of your own extremities of choice: all about groups (part 4) and the Linux-PAM SAG (part 6).

*And no, I haven't got the thread about this all but I told you it's on this site, so just search, it's not like you gotta wade tru all of the net rite?


All times are GMT -5. The time now is 05:37 AM.