SUMMARY: Limiting user access to particular workstations

From: Marcus Filipsson (marcus@galaxy.ling.lu.se)
Date: Mon Mar 17 1997 - 03:53:49 CST


My original questions:

I am setting up a particular combination of workstations running Solaris 2.5.1
and Linux, and I want to restrict the access for the users in different ways. I
am aware of the restricted shell (/usr/lib/rsh), but I don't find this
sufficient. I have the following questions:

1) Can I limit a user's access so that he may only log in on a particular (set
of) hostname(s)?

2) Can I limit a user's access so may be able to run ONLY remote shells (rsh)
and not be able to log in on any console?
-----
1)
I got several replies. One was to use the features of NIS (which I am already
running). By putting users in the machine's local passwd and not in the NIS map,
they will only be able to log into those machines. This is a bit cumbersome, and
difficult to maintain. The solution I decided on was to set up the users shell
in the NIS passwd map to be /bin/myshell and on those machines where I wanted
the user to be allowed to log in I made a link from /bin/csh to /bin/myshell.
This will work fine on those machines, but the user will be kicked out on the
others due to invalid shell.
Another possibility is to make the users .login file owned by root and not
writable by the user. The you can put something like this in the .login file:

set HOST=`hostname`
switch ("$HOST")
case "good_host1":
        breaksw
case "good_host2":
        breaksw
default:
        logout
        breaksw
endsw

I am aware that none of these solutions probably are "high security".

2)
Several people misunderstood this question and assumed I wanted to restrict a
user to login ONLY at the console and not vice versa. Anyway, I do not have any
solution to my question.

Thanks to all who replied!
Marcus



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:48 CDT