Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!news.sgi.com!newsfeed.nacamar.de!wuff.mayn.de!wuff.franken.de!news-nue1.dfn.de!news-lei1.dfn.de!news.tu-chemnitz.de!irz401!orion.sax.de!uriah.heep!news From: j@uriah.heep.sax.de (J Wunsch) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Access Control Question Date: 1 Jul 1997 06:08:15 GMT Organization: Private BSD site, Dresden Lines: 35 Message-ID: <5pa6sf$4kh@uriah.heep.sax.de> References: <5p7b0q$h1@news1-alterdial.uu.net> Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) NNTP-Posting-Host: localhost.heep.sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Newsreader: knews 0.9.6 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43775 Todd D Suess <root@cracked.inspace.net> wrote: > The entry is as follows.. > > -:purkman:ANY > > or > > -:guest:ANY > > both of which should work according to the examples, yet in both cases the > user in question can still connect and login any way he feels like.. It works for me: Jul 1 08:01:01 uriah login: LOGIN j REFUSED (ACCESS) ON TTY ttyv1 > I know that root and toor are restricted by default from logging in > from anywhere except the console, and I was sure I seen a file > somewhere in /etc which detailed that, but damned if I can find it > now.. How does the system restrict root and toor? Via some kind of > check for UID 0, or is is via a file somewhere? By testing for UID 0 (and using the appropriate flags from /etc/ttys). Note that login.access will only work for programs actually using login(1), so i think ssh logins are still possible since they bypass login(1). -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)