restrict remote logins to service accounts.

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

restrict remote logins to service accounts.

restrict remote logins to service accounts.

2006-01-17 - By Ed Wilts

Back

Reply: 1 2 3 4 5 6 7 8 9 10 >>

On Tue, Jan 17, 2006 at 09:35:34AM -0600, David.Knight@(protected) wrote:
> I have an issue with Admins/DBA's logging into my servers directly as
> service accounts such as user 'oracle'. I have had a hard time getting
> people to adopt the use of sudo. I am at the point where I need to
> restrict direct logins to these accounts. My goal is to force people to
> sudo to the service accounts from there assigned user account. I only
> allow ssh/scp connections to my servers. I have tried the sshd.config
> option "AllowUsers" but this also restricts scp logins. I can;t restrict
> this for automated processes run under the service accounts use scp. So
> the only thing I need to restrict is direct remote "ssh" logins.

The easiest thing to do (I think) is to change the shell for oracle to
/bin/false. That will kill all remote access but should allow the scp
to continue.

The admins then need to do something like sudo su - -s /bin/bash oracle.
This is how I maintain all my external FTP users that don't have shell
access and I need to do work in their account areas.

.../Ed

--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@(protected)
Member #1, Red Hat Community Ambassador Program

--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list