Thanks for the almost immediate replies!
Summary of my question:
Trying to disallow logins for all but a selected few managers but still knowing
who everybody was via NIS.
Summary of solutions (in order of suitabilty for our situation):
1. put the following entry at the end of /etc/passwd
+@admin::0:0::: (this is optional and admin is a netgroup)
+::0:0:::/usr/local/etc/not_welcome
where not_welcome can be a simple script that type out a messages telling
users to use other machines instead.
This will take care of almost everything, telnet, ftp, rlogin and rsh.
For explanation see "man 5 passwd"
2. create a file /etc/nologin and both telnet and rlogin will be taken
care of. [see man login]
Only root can login when an /etc/nologin file exists. This does not prevent
rsh or ftp.
3. remove entries for in.telnetd, in.rshd and in.rlogind.
======================
Most people seem to like solution 1. I feel grateful to all who responded,
in order of mail arrival:
jeg@ced.berkeley.edu
datri@lovecraft.convex.com [who interestingly suggest that we should forget
about NIS]
magi@csd.uwo.ca
brendan@cs.widener.edu
jgreely@cis.ohio-state.edu
edguer@alpha.ces.cwru.edu
macphed@dvinci.usask.ca
trc@uludag.ESD.3Com.COM
johnb@edge.CIS.McMaster.CA
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:14 CDT