Path: euryale.cc.adfa.oz.au!platinum.sge.net!como.dpie.gov.au!news.gan.net.au!act.news.telstra.net!vic.news.telstra.net!news.mira.net.au!news.netspace.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!nntprelay.mathworks.com!news.mathworks.com!uunet!cracked.inspace.net!root
From: Todd D Suess <root@cracked.inspace.net>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Access Control Question
Date: 30 Jun 1997 04:00:26 GMT
Lines: 34
Message-ID: <5p7b0q$h1@news1-alterdial.uu.net>
NNTP-Posting-Host: cracked.inspace.net
X-Newsreader: TIN [UNIX 1.3 unoff BETA 970424; i386 FreeBSD 2.2.2-RELEASE]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43720

Greets All,

I am attempting to set up restricted access to my system, while allowing a user to log in via FTP. The file login.access is supposed to accomplish the first part, by selectively denying login via console, telnet, or rlogin, the only problem is.. I can't get it to work.. The file is well commented, yet by following the example for a user called "purkman" in group "guest", it stubbornly refuses to work.. The entry is as follows..

    -:purkman:ANY

or

    -:guest:ANY

both of which should work according to the examples, yet in both cases the user in question can still connect and log in any way he feels like..

I know that root and toor are restricted by default from logging in from anywhere except the console, and I was sure I had seen a file somewhere in /etc which detailed that, but damned if I can find it now.. How does the system restrict root and toor? Via some kind of check for UID 0, or is it via a file somewhere? Could other users be added to said file, and NOT to the /etc/ftpusers file so that login would be disallowed, but ftp would still work?

I read the relevant man pages, etc, but did not find much of anything, and as stated earlier, the login.access file appears broken, at least for me.. :)

Any useful hints would be most appreciated.. The people in this group are super at helping, hopefully one of these days I will know FreeBSD inside and out and I can ANSWER the questions instead of asking them.. <g>

Thanks!

Todd