Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!newshub1.home.com!newshub2.home.com!news.home.com!howland.erols.net!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!shift.lan.awfulhak.org!nobody
From: brian@shift.lan.awfulhak.org (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Access Control Question
Date: Wed, 2 Jul 1997 00:18:51 +0100
Organization: Awfulhak Ltd.
Message-ID: <r83cp5.md8.ln@shift.lan.awfulhak.org>
References: <5p7b0q$h1@news1-alterdial.uu.net>
<5pa6sf$4kh@uriah.heep.sax.de>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Posting-Host: shift.lan.awfulhak.org
X-NNTP-Posting-Host: awfulhak.demon.co.uk [158.152.17.1]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Lines: 40
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43779
In article <5pa6sf$4kh@uriah.heep.sax.de>,
j@uriah.heep.sax.de (J Wunsch) writes:
> Todd D Suess <root@cracked.inspace.net> wrote:
>
>> The entry is as follows..
>>
>> -:purkman:ANY
>>
>> or
>>
>> -:guest:ANY
>>
>> both of which should work according to the examples, yet in both cases the
>> user in question can still connect and login any way he feels like..
>
> It works for me:
>
> Jul 1 08:01:01 uriah login: LOGIN j REFUSED (ACCESS) ON TTY ttyv1
>
>> I know that root and toor are restricted by default from logging in
>> from anywhere except the console, and I was sure I seen a file
>> somewhere in /etc which detailed that, but damned if I can find it
>> now.. How does the system restrict root and toor? Via some kind of
>> check for UID 0, or is is via a file somewhere?
>
> By testing for UID 0 (and using the appropriate flags from /etc/ttys).
>
> Note that login.access will only work for programs actually using
> login(1), so i think ssh logins are still possible since they bypass
> login(1).
AHHHHHHH!!!!!! Thank you ;^)
That makes a freebsd-stable@freebsd.org conversation approach
reality at last !
--
Brian <brian@awfulhak.org> <brian@freebsd.org>
<http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !