Nick Rout wrote:
On Fri, Sep 25, 2009 at 2:35 PM, Roger Searle wrote:
steve wrote:
On Fri, 2009-09-25 at 10:38 +1200, Roger Searle wrote:

Hi, I have a kubuntu 8.04 LTS machine acting as a file server (samba) for
our network with various users / permissions set up.  Given that from time
to time I use the machine for the odd desktop-related task or to do things
I've not learnt to do via ssh, it has a (normally switched off) monitor,
keyboard and mouse attached.  Users are listed in the login window, despite
turning off the Users "show list" option and only having my own username
selected under "selected users" in "Login Manager" (this seems to be
somewhat broken).  Anyway, as I understand it, this is just a convenience
thing and a user could still manually enter their username and password in
the login window.

I am interested in preventing specific users from logging in locally to a
desktop but retaining their account for the purposes of serving up files on
the network.  Can anyone point me in the right direction for this?  I'm not
having any luck googling.  This doesn't need to be particularly clever,
secure or a highly locked down configuration, just a barrier to casual gui
login attempts.

Cheers,
Roger

Try manipulating their shells (worst case using sudo vipw). You should
be able to set them to /bin/false (make sure that's in /etc/shells),
and they will still be able to access shares.

hth,

Steve

This certainly stops an "ssh u...@machine" login, however the user could
still sit at the actual machine, log in locally and get up a gui desktop
(which is what I am looking to stop).
Roger



The answer to this isn't as easy as it sounds, or the google-fu is not right.

One option, disable gdm altogether by

sudo update-rc.d gdm remove

Then start gdm manually when you want to login:

sudo /etc/init.d/gdm start

and then

sudo /etc/init.d/gdm stop

when you have finished.

Joe user doesn't even know what to do with your console logon window
if he turns the screen on.

Thanks - was just reading your post in the other thread and thought this looks to be an ideal solution.

Cheers,
Roger
