[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security options

From: Phil R Lawrence
Subject: Re: Security options
Date: Thu, 19 Dec 2002 13:00:14 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Yesterday we were discussing the following set-up:
  - user account 'phil'
  - user account 'cvs-phil' with shell /sbin/nologin
  - cvs-phil has group rights to modify projects
  - SSH configuration allows cvs-phil only to run cvs

As Mark pointed out, /sbin/nologin prevents phil (or anyone else) from su'ing to cvs-phil.

However, it also prevents an SSH connection, which causes an error when using cvs:
  cvs update: warning: unrecognized response `This account
  is currently not available.' from cvs server

My best idea is to leave cvs-phil with a regular shell, but disallow su'ing to cvs-phil (via chuser on AIX, but how about linux?). Since our server will be physically secured, no one could directly log onto the console as cvs-phil. Then SSH will be configured to only allow the cvs command.

Any other thoughts?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]