*BSD News Article 98734



Path: euryale.cc.adfa.oz.au!platinum.sge.net!como.dpie.gov.au!news.gan.net.au!act.news.telstra.net!vic.news.telstra.net!news.mira.net.au!news.netspace.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!nntprelay.mathworks.com!news.mathworks.com!uunet!cracked.inspace.net!root
From: Todd D Suess <root@cracked.inspace.net>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Access Control Question
Date: 30 Jun 1997 04:00:26 GMT
Lines: 34
Message-ID: <5p7b0q$h1@news1-alterdial.uu.net>
NNTP-Posting-Host: cracked.inspace.net
X-Newsreader: TIN [UNIX 1.3 unoff BETA 970424; i386 FreeBSD 2.2.2-RELEASE]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43720

Greets All,

I am attempting to set up restricted access to my system, while allowing a 
user to log in via FTP.  The file login.access is supposed to accomplish the
first part, by selectively denying login via console, telnet, or rlogin, the 
only problem is..  I can't get it to work..  The file is well commented, yet
by following the example for a user called "purkman" in group "guest", it 
stubbornly refuses to work..  The entry is as follows..

-:purkman:ANY

or 

-:guest:ANY

both of which should work according to the examples, yet in both cases the 
user in question can still connect and login any way he feels like..  

I know that root and toor are restricted by default from logging in from 
anywhere except the console, and I was sure I saw a file somewhere in
/etc which detailed that, but damned if I can find it now..  How does the
system restrict root and toor?  Via some kind of check for UID 0, or is
it via a file somewhere?  Could other users be added to said file, and NOT to 
the /etc/ftpusers file so that login would be disallowed, but ftp would still 
work?  I read the relevant man pages, etc, but did not find much of anything, 
and as stated earlier, the login.access file appears broken, at least for 
me..  :)   Any useful hints would be most appreciated..  The people in this
group are super at helping, hopefully one of these days I will know FreeBSD 
inside and out and I can ANSWER the questions instead of asking them..  <g>

Thanks!

Todd