SUMMARY: Avoid some users login when using NIS+
Gilberto asked:
Is it possible to deny access to some user in some machine that is part of a network using NIS+ ?
Many thanks to :
cecilp@westel.com (Cecil Pang)
Alex Dumitru <alex@innovus.com>
nobroin@esoc.esa.de (Niall O Broin - Gray Wizard)
Martin Espinoza <drink@sei.com>
carlo@hub.eng.wayne.edu (Carlo Musante)
Mark Bergman <bergman@phri.nyu.edu>
chang@sngns1.CV.Com (Chang Keng Seng)
bek@datascope.com (Keene)
Some Answers:
-------------
Cecil Wrote:
============
This is not the best way but will work and if you find a better one let
me know.
Just put in local machine /etc/passwd the same user on NIS+ but with a
locked password (e.g. put a * in the password field). since your
/etc/nsswitch.conf look at local file first then you user you do not
want will be lock out.
Carlo Musante Wrote:
====================
We used group permissions on /bin/csh.
chmod 550 /bin/csh
chgrp allowed_users /bin/csh
Anyone not in the allowed_users group can not run /bin/csh and are logged out.
If you wish to stop ftp modify /usr/sbin/in.ftpd in the same way.
Ease of implimentation is dependant on the number of groups and users.
Chang Keng Seng Wrote:
======================
You need to setup netgroup in NIS+ and do the following:
1. Edit /etc/passwd and /etc/shadow to include
+@netgroupname::::::
2. Edit /etc/nsswitch.conf to include
passwd: compat
passwd_compat: nisplus
where netgroupname is the list of users you allows to login this particular
system.
================================================================================
Thanks,
Gilberto Araujo Ventura
System Engineer - Technical Support
Dedalus Sistemas
Sao Paulo - Brazil
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:01 CDT