Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
On Fri, Mar 24, 2000 at 12:11:59PM -0800, Percival wrote:
> I run a domain and host websites for myself and some friends. I am trying to learn all about linux/system administration/security and I want to run a responsible host as I have 24/7 Internet through a DSL. I try to run a secure box.
>
> I want to have easy freedom in limiting user access. I have killed telnetd, and only sshd. I want to allow some users access through ssh, some through ftpd, and some through samba. How can I turn off user access through ssh, but keep their account, and allow them access through ftp? Can I allow users access to shares through samba, and allow them to ftp in, but not ssh or telnet?
>
> Basically, I want the default for each service to be no access, and then add users to services indepently - each service allowing access on it own.
>
> Does this make sense? Is there an authentication package out there to deal with this?
You'll want to look at pam_listfile.so. Since each of the services you
talked about supports PAM, you can use that to configure access. The docs
for this are in the libpam-doc.
Ben
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: