 | | | User access question. | User access question. 2003-02-19 - By Jason Lim
Back
Hi,
Does any body know how can i control concurrent user access to the
system?
Which this is used to set a user access policy.
Thanks
Jason Lim wrote:
>
> How about if let say i put my script on the /etc/passwd which replace
> /bin/bash.
> What will happen if i don't have any default shell?
>
> "James P. Roberts" wrote:
> >
> > > I can't turn off telnet/rlogin services because i'm restrict certain
> > > user only.
> > >
> > > "Taylor, ForrestX" wrote:
> > > >
> > > > > From: Jason Lim [mailto:limcm@(protected)]
> > > > >
> > > > > Hi all,
> > > > >
> > > > > I'm using Redhat 7.1 as my Application server. I have develop an
> > > > > inventory application for my customer. What my qustion is I'm
> > going to
> > > > > create an user which can only access from my own application but
> > then
> > > > > cannot access from telnet or rlogin..?
> > > > > Please advise.
> > > > > Thanks.
> > > >
> > > > Either use a firewall and only allow the ports that your application
> > is
> > > > using, or simply turn off telnet/rlogin.
> > > >
> > > > Forrest
> >
> > My suggestion would be to use xinetd to listen on the appropriate
> > port(s), and hand off to the custom application after validating the
> > user. I'm pretty sure xinetd can do that, although the term
> > "TCP-wrappers" also comes to mind -- Could someone kindly kick-start my
> > brain on that? IIRC, you compile xinetd with TCP-wrappers support, and
> > specify in the corresponding xinetd configuration file (which will be a
> > file with same name as the desired service, placed in /etc/xinetd.d/)
> > which users are permitted what level of access to that service. Make
> > sure xinetd is enabled at boot time, and also make very sure that you
> > have disabled any xinetd services that you do not want running!
> > (Typically by setting "disable = yes" in, or by deleting, the
> > corresponding files in /etc/xinetd.d).
> >
> > This can also be used to restrict access to rlogin and telnet, if I am
> > not mistaken.
> >
> > The suggestion to lock down all unused ports with a good firewall is
> > also an excellent suggestion. I recommend iptables; it is the newest,
> > most flexible, and most powerful of the Linux firewalls, that I am aware
> > of (it replaces the older ipchains, and still older ipfwadm). If you
> > are responsible for a Linux server, I strongly recommend learning this
> > technology.
> >
> > Regards,
> > Jim
> >
> > __ ____ ____ ____ ____ ____ ____ ____ ____ ____
> > Seawolf-list mailing list
> > Seawolf-list@(protected)
> > https://listman.redhat.com/mailman/listinfo/seawolf-list
>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____
> Seawolf-list mailing list
> Seawolf-list@(protected)
> https://listman.redhat.com/mailman/listinfo/seawolf-list
|
|
|