[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [ot] how to create a user that can't log in?

hi ya nathan

> No, it's not the right way.  The daemons need to run as the project
> user, not the individual user.

i usually wonder why scripts need to be run as a specific user 
( webmaster -- seems to be a popular example ...

-- solution i use... webmaster does NOT get a login prompt for anybody
	- cgi scripts that create /home/httpd/html/foo.new  directories
	and files are responsible for changing the dirs/permissions

- what about the script or user doing an "sudo"  
	- i dont remember if sudo requires a shell prompt

	- i'd try sudo before i'd play with pam... just my dumb guess

- the script too can do a "su - project" ( aka su - news )  while/before 
  the news scripts starts running

- you could also restrict xyz logins only from certain ip# and only on
  certain console/terminals
	- remote users, dialups, etc annot run the same commands
	remotely unless they are say physically in front of the machine

> I know how to set up groups, permissions, etc. ... been doing that for
> several years now.

-- sorry... was my first dumb answer to try to solve it
> What I'm wondering is if PAM or some other mechanism can be used to
> prevent a user from logging in via a network connection.  It looks
> like people here don't know; that's fine, I'll continue researching.

hopefully... you'll post the final implementation ??

have fun linuxing

Reply to: