>How does one prevent telnet access to certain accounts? I know root is
>automatically disabled. I want to auto-disable another account. Well...
>what I'd like to do is have my account unpassworded, but disable logins
>from anywhere but my computer. Then I'd set up another account with a
>password with a home directory that is just a link to mine. This account
>would be used to login from other computers. Is there any easy perl
>script to copy all of my file's attributes from the owner field to the
>group field? Thanks. (That way the other account would have full access
>to all of the first account's files.)
i can tell you how to do it under redhat....
4.2 and less:
man getty, and find the bit abotu the 'gettydefs' file. it worked for
me.
5.0 and above: you'll need to use PAM. here's my (working) setup.
(i got this from the PAM docs oddly enough).
its a bit roundabout, but...
add to your /etc/pam.d/login file the following line:
auth required /lib/security/pam_listfile.so onerr=fail item=tty sense=allow
file=/etc/usertty apply=@new
and add only the ttyX's to the /etc/usertty file. anything listed in that
file will be an "allowable" login tty (so dont include ttypX, to discount
network logins, or ttySX for modem logins) for people in group new.
(you can of course change the file/group to meet local standards...just
change the file= bit or the apply=@ bit)
youll need to make sure you have a recent ssh rpm from ftp.replay.com,
as those are PAM-ified and will work as desired under this scheme.
tell me if you have any questions/problems...cos it works for me on
rh5.1
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
