I have a question about user policies which I hope some can provide some guidance. I have a small set of users who are tightly restricted on our network. They are only allowed to log into certain machines, and mount specific filesystems located on other machines. At the moment we have these systems locked down through a combination of local system accounts, and static mounts in fstab.

I have setup a few test accounts, created an HBAC Rule, and a custom automount map for each account. Is this the best way to achieve this? Is there a way to create a policy to restrict users to specific filesystems? In my ideal world, it would be great to have the restricted user to login, have the restrictions applied, then have a non-restricted user log onto the same machine, and still have access as they would on another machine.

So, what are your thoughts/

*Michael Rainey*
Network Representative

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to