Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Our Archives > General Archives > Servers > Blocking Users From Logging In

 
Blocking Users From Logging In
Thread Tools
l008com
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status: Offline
Aug 1, 2003, 04:45 PM
 
I'm looking for a way to, in 10.2 Server, prevent a bunch of users to be able to log in using ssh. They are all mail users, and I wouldn't want someone to be able to gain my mail password and gain access to my computer with it. I know i 10.1 Server the admin app had an option to prevent logging in of users, but I don't see a similar option in the Workgroup Manager app. Where is it?
Discontinue IE Petition Restaurant Menus ColdMac Mac Repair Boston WhatsMyIP
     
Cipher13
Clinically Insane
Join Date: Apr 2000
Status: Offline
Aug 5, 2003, 09:03 AM
 
This shouldn't really be a concern... gathering passwords...

Either way, why not set their shell to /dev/null or something equally fallacious?

What kind of mail server system are you running? The standard one? Depending on the password scheme you use, you could even set the users password to "*" to deny login...
     
gatorparrots
Dedicated MacNNer
Join Date: Dec 2002
Location: someplace
Status: Offline
Aug 5, 2003, 05:28 PM
 
man sshd_config 
Code:

AllowGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  If specified, login is allowed only for
             users whose primary group or supplementary group list matches one
             of the patterns.  `*' and `'?  can be used as wildcards in the
             patterns.  Only group names are valid; a numerical group ID is
             not recognized.  By default, login is allowed for all groups.
...

AllowUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  If specified, login is allowed only for
             users names that match one of the patterns.  `*' and `'?  can be
             used as wildcards in the patterns.  Only user names are valid; a
             numerical user ID is not recognized.  By default, login is
             allowed for all users.  If the pattern takes the form USER@HOST
             then USER and HOST are separately checked, restricting logins to
             particular users from particular hosts.
For my configuration, I have:
AllowGroups admin
in /etc/sshd_config.
     
Xeo
Moderator Emeritus
Join Date: Mar 2001
Location: Austin, MN, USA
Status: Offline
Aug 6, 2003, 04:54 AM
 
In Workgroup Manager you can set the login shell to whatever you want. "/sbin/nologin" is a good one because it gives them a message before logging them out.

I can't remember off hand but I thought there was a check box for keeping users from logging in. I'll have to check when I have access to my server again.
     
 
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -5. The time now is 06:46 AM.
All contents of these forums © 1995-2011 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.7 © 2000-2011, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2