[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Security options :-(
From: |
Zieg, Mark |
Subject: |
RE: Security options :-( |
Date: |
Tue, 17 Dec 2002 10:33:03 -0500 |
> > That is, cvsphil can't login from the console, from telnet,
> > rlogin, etc. I think this is mainly done by setting his login shell to
> > "/sbin/nologin" or the equivalent.
>
> You'll also need to configure cvsphil such that he can only log on with
> a particular keypair. Otherwise, what stops phil from using the su
> command to sidestep this elaborate configuration?
[/home/mzieg] mzieg $ grep cvsmark /etc/passwd
cvsmark:x:510:510:CVS-only account for Mark Zieg:/home/cvsmark:/sbin/nologin
[/home/mzieg] mzieg $ su cvsmark
Password:
This account is currently not available.
[/home/mzieg] mzieg $ su cvsmark -c "ls /usr/local/cvsroot"
Password:
This account is currently not available.