Hi,

I would like to restrict permission to execute rsh commands on a RedHat6.0 machine to certain groups only. I thought I had the problem solved by doing the following with pam:

1. In /etc/security I edited the group.conf file, that is, I added a line including those groups that are allowed (the rest, by default would be disallowed). The listing is:

    services;ttys;users;times;groups

so I added:

    rsh; tty* ;* ;group1, group2, group3

to the groups file. That is, on all ttys (tty*), all users (*) of group1, group2 and group3 are allowed to use rsh.

2. In the /etc/pam.d directory I edited the rsh file and added the following line:

    session required /lib/security/pam_group.so

But when I tried to do a remote command, nobody was able (even those belonging to group1, group2 and group3) to use rsh any longer.

I think the problem is that pam looks for groups in /etc/group, i.e. for groups listed on the local machine. The groups I would like to be able to run rsh commands, however, are in the NIS database, i.e. in a NIS group file. But even adding one of the groups in the local /etc/group file didn't make any difference. Still, it could be a problem that pam authentication is not getting information about groups from NIS. The question is, how can that be rectified?

Simply put, how can I limit rsh commands to a particular machine to certain groups, the groups being defined in a NIS database? If there is another way to do this that would be equally satisfactory.

Any help will be most appreciated.

Thanks very much.

Hugo

--
Dr Hugo Bouckaert - Systems Administrator, Computer Science UWA
Tel: +(61 8) 9380 2878 / Fax: +(61 8) 9380 1089
Email: [EMAIL PROTECTED] / Web: http://www.cs.uwa.edu.au/~hugo
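Added example, not part of the original message: a small checker for the five-field line format quoted above (services;ttys;users;times;groups), run over a constructed sample that contains the line as posted and a hypothetical five-field variant. It checks field count and empty fields only; the time value "Al0000-2400" and the function names are assumptions made for the example.

```python
# Added example: field-count check for group.conf-style lines.
# Format taken from the message: services;ttys;users;times;groups
FIELDS = ("services", "ttys", "users", "times", "groups")

# Constructed sample: the first rule is the line as posted, the second is a
# hypothetical five-field variant ("Al0000-2400" is an assumed time value).
SAMPLE = """\
# comment lines and blank lines are skipped

rsh; tty* ;* ;group1, group2, group3
rsh; tty* ;* ;Al0000-2400 ;group1, group2, group3
"""

def parse_line(line):
    """Return (rule_dict, None) on success or (None, error_text)."""
    parts = [p.strip() for p in line.split(";")]
    if len(parts) != len(FIELDS):
        return None, "expected %d fields, found %d" % (len(FIELDS), len(parts))
    empty = [name for name, val in zip(FIELDS, parts) if not val]
    if empty:
        return None, "empty field(s): " + ", ".join(empty)
    rule = dict(zip(FIELDS, parts))
    # Group names may be separated by commas and/or whitespace.
    rule["groups"] = rule["groups"].replace(",", " ").split()
    return rule, None

def check(text):
    """Return (rules, problems); problems are (line_number, message)."""
    rules, problems = [], []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        rule, err = parse_line(line)
        if err:
            problems.append((num, err))
        else:
            rules.append(rule)
    return rules, problems

if __name__ == "__main__":
    rules, problems = check(SAMPLE)
    for num, msg in problems:
        print("line %d: %s" % (num, msg))
    for r in rules:
        print("ok:", r["services"], "->", r["groups"])
```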
