On Fri, Sep 25, 2009 at 2:35 PM, Roger Searle <[email protected]> wrote: > steve wrote: >> >> On Fri, 2009-09-25 at 10:38 +1200, Roger Searle wrote: >> >>> >>> Hi, I have a kubuntu 8.04 LTS machine acting as a file server (samba) for >>> our network with various users / permissions set up. Given that from time >>> to time I use the machine for the odd desktop-related task or to do things >>> I've not learnt to do via ssh, it has a (normally switched off) monitor, >>> keyboard and mouse attached. Users are listed in the login window, despite >>> turning off the Users "show list" option and only having my own username >>> selected under "selected users" in "Login Manager" (this seems to be >>> somewhat broken). Anyway, as I understand it, this is just a convenience >>> thing and a user could still manually enter their username and password in >>> the login window. >>> >>> I am interested in preventing specific users from logging in locally to a >>> desktop but retaining their account for the purposes of serving up files on >>> the network. Can anyone point me in the right direction for this? I'm not >>> having any luck googling. This doesn't need to be particularly clever, >>> secure or a highly locked down configuration, just a barrier to casual gui >>> login attempts. >>> >>> Cheers, >>> Roger >>> >> >> Try manipulating their shells ( worst case using sudo vipw ). You should >> be able to set them to /bin/false ( make use that's in /etc/shells ), >> and they will still be able to access shares. >> >> hth, >> >> Steve >> > > This certainly stops an "ssh u...@machine" login, however the user could > still sit at the actual machine, log in locally and get up a gui desktop > (which is what I am looking to stop). > Roger > >
The answer to this isn't as easy as it sounds, or the google-fu is not right. One option, disable gdm altogether by sudo update-rc.d gdm remove Then start gdm manually when you want to login: sudo /etc/init.d/gdm start and then sudo /etc/init.d/gdm stop when you have finished. Joe user doesn't even know what to do with your console logon window if he turns the screen on.
