Hi, Does any body know how can i control concurrent user access to the system? Which this is used to set a user access policy.
Thanks Jason Lim wrote: > > How about if let say i put my script on the /etc/passwd which replace > /bin/bash. > What will happen if i don't have any default shell? > > "James P. Roberts" wrote: > > > > > I can't turn off telnet/rlogin services because i'm restrict certain > > > user only. > > > > > > "Taylor, ForrestX" wrote: > > > > > > > > > From: Jason Lim [mailto:[EMAIL PROTECTED]] > > > > > > > > > > Hi all, > > > > > > > > > > I'm using Redhat 7.1 as my Application server. I have develop an > > > > > inventory application for my customer. What my qustion is I'm > > going to > > > > > create an user which can only access from my own application but > > then > > > > > cannot access from telnet or rlogin..? > > > > > Please advise. > > > > > Thanks. > > > > > > > > Either use a firewall and only allow the ports that your application > > is > > > > using, or simply turn off telnet/rlogin. > > > > > > > > Forrest > > > > My suggestion would be to use xinetd to listen on the appropriate > > port(s), and hand off to the custom application after validating the > > user. I'm pretty sure xinetd can do that, although the term > > "TCP-wrappers" also comes to mind -- Could someone kindly kick-start my > > brain on that? IIRC, you compile xinetd with TCP-wrappers support, and > > specify in the corresponding xinetd configuration file (which will be a > > file with same name as the desired service, placed in /etc/xinetd.d/) > > which users are permitted what level of access to that service. Make > > sure xinetd is enabled at boot time, and also make very sure that you > > have disabled any xinetd services that you do not want running! > > (Typically by setting "disable = yes" in, or by deleting, the > > corresponding files in /etc/xinetd.d). > > > > This can also be used to restrict access to rlogin and telnet, if I am > > not mistaken. > > > > The suggestion to lock down all unused ports with a good firewall is > > also an excellent suggestion. I recommend iptables; it is the newest, > > most flexible, and most powerful of the Linux firewalls, that I am aware > > of (it replaces the older ipchains, and still older ipfwadm). If you > > are responsible for a Linux server, I strongly recommend learning this > > technology. > > > > Regards, > > Jim > > > > _______________________________________________ > > Seawolf-list mailing list > > [EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/seawolf-list > > _______________________________________________ > Seawolf-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/seawolf-list _______________________________________________ Seawolf-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/seawolf-list
