Gentoo Archives: gentoo-security

From: Robert Ullrich <roul76@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Prevent users to login directly
Date: Wed, 28 Jul 2004 16:27:16
Message-Id: 20040728182608.2b10366c@springfield
In Reply to: Re: [gentoo-security] Prevent users to login directly by Will Richey
1 On Wed, 28 Jul 2004 07:58:52 -0400
2 Will Richey <w-gentoo@××××.org> wrote:
3
4 > * Robert Ullrich <roul76@×××.de> [2004-07-28 03:03]:
5 > > By the way: In HP-UX it works that way:
6 > >
7 > > Simply put in the user's .profile first line
8 > >
9 > > [ "$0" != "-su" ] && exit
10 > >
11 > > and he could only login via su. Every other login-method (directly,
12 > > ssh, etc.) will fail.
13 >
14 > I am not sure that is a complete solution. I'm rather confident
15 > that xdm does not run .profile, though it is a little difficult
16 > to trace. Having a .bash_profile seems to preclude running .profile.
17 >
18 > -wmr-
19 >
20
21 That's a point to mention. But if that user tries to start xterm he
22 would fail because .profile will be executed.
23
24 regards - Rob
25
26 --
27 gentoo-security@g.o mailing list