Securing the Server
Steve Simmons
scs at lokkur.UUCP
Sat Apr 22 08:43:42 AEST 1989
anderer at vax1.acs.udel.edu (David G Anderer) writes:
>My one solution was to use some file other than /etc/passwd as the YP
>passwd map (such as /etc/passwd.clients). That works, except the server
>then has no knowledge of these accounts, and so things like ls -l on the
>server are messy because they display user numbers rather than user names.
>
>If there a way (short of source) to only allow SOME accounts remote access
>to the server?
Several, but you've already got 99% of your solution. Use an alternate
file for yp password management. Write a filter that will take the yp
alternate file will change line like
scs:xaoiuSUDF&879:102:102:Steve Simmons:/u/scs:/bin/ksh
to
scs:xaoiuSUDF&879:102:102:Steve Simmons:/u/scs:/etc/sorrysh
^^^^^^^^^^^
Put this new file into /etc/passwd. Now when people rlogin to the server,
they get the program /etc/sorrysh as their shell. Here's the code for
/etc/sorrysh:
main()
{
(void) printf( "Sorry, you can't log into the server.\n" ) ;
}
And now they can't log in.
You'll probably want to make a list of 'exempt' ids who get their
normal shells. The script is left as an exercise for the student... :-)
--
Steve Simmons, Inland Sea Software, Ltd. scs at lokkur.dexter.mi.us
9353 Hidden Lake, Dexter, MI. 48130 313-426-8981
More information about the Comp.sys.sun
mailing list