-----Original Message----- From: shrike-list-admin@xxxxxxxxxx [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Chan Min Wai Sent: Monday, September 29, 2003 1:33 AM To: shrike-list@xxxxxxxxxx Subject: Re: File Server irritants (newbie) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert L Cochran 提到: > > > Buck wrote: > >> 1) Prevent users from logging in at the keyboard of the server. >> The users buck, root and net manager will need permission to log from >> the keyboard but I don't want ANYONE in the company to have access to >> the server directly from the keyboard. Quote: I don't know why you are having problem on this, If your client is purly Windows, Just set the login prompt to /sbin/false on the /etc/passwd files. And that is a done :) So then you can control who can login who cannot by using that Hum, But This is only ture for M$ Windows login. If you really want to restrict people touching your Server, Using Pam Will be a better idea. Set a group of people that is allow to login on the Virtual terminal. EndQuote: I don't know if I am misunderstanding you or you are misunderstanding me. You come across as if you believe that I don't want the users to log in from their own computers. That isn't the case. Their usernames and passwords are syncronized on the server and the workstations. When they log in on the workstations, that logs them into the server transparantly. My problem has been that the server sat on a table in an open public area. The employees on the workstations gave their passwords out as freely as a resteraunt gives party mints. Employees that have no computers or access give the passwords to their kids and let the kids free on the computers or they use the workstations to surf the web, porn sites, etc. The server is a Windows 2000 Pro computer and I have it set up so that only the administrator can log into the server computer from the server location. Users can't. I setup an open workstation with guest priviliges so that family and non-workstation employees had a computer to work on and it quickly became known and the "porno shop", a name that sticks with it today even tho it is someone's workstation now. Every employee has a key to the door and come and go all hours of the night and day. One even left a total stranger alone in the building thinking she had her own key. When it comes to security, this place makes a security nightmare look like Sunday afternoon walk. If I understand you correctly, in the linux box, if I do as you say, not even root will be able to log into the server except through a remote computer. My terminology has much to be desired, I know. I am thinking now it would be better understood if I said I want to block all users except for administration from logging in locally. I would like to log in locally or remotely from another linux box. I will be the only one with a linux box to log in thru SSH. I am not familiar with the "Virtual terminal" but I understand enough about pam to know its related to some kind of password security. I haven't gotten that far in my learning yet. I say that security is a nightmare, I really can't be worse that what some of you have to put up with when MS supported worms get loose. I know there has been a lot of that in the last year. My real problem is that it is my responsibility to keep the system running and yet too many employees don't take it serious. I could make a lot more money letting the employees do what they want and constantly clean up behind them like I had to several years ago, but I like to sleep when I go to bed. Two weeks ago, the employee on the most critical workstation in the company told me she appreciated having a reliable computer. Maybe I should study how to answer email in the shortest but complete answers.... Good night! Buck Thank You Chan Min Way - -- - ------------------------------ 馬來西亞淨宗學會 Amitabha Buddhist Society (M) 16A, 1st Floor, Jalan Pahang, 53000, Kuala Lumpur, Malaysia. Tel:+603-40414101, 40452630 Fax:+603-40412172 WebPage: http://www.amtb-m.org.my E-Mail: amtbmy@xxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/d8P8V0p9slMZLW4RAlOkAKDCaCGH/lYHD+jT3Eja0mcosFgZJQCg7go4 9vnnvY6xFTrX7d1tnaolIIs= =ks79 -----END PGP SIGNATURE----- -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
