
Re: Restrict NIS users

 
Binu_5
Regular Advisor

Restrict NIS users

Hi All

Can anybody tell me how to restrict NIS users to use Linux servers?
OS version is Red Hat Linux 9.

Thanks
Binu
Vitaly Karasik_1
Honored Contributor

Re: Restrict NIS users

>how to restrict nis users
can you provide more info about this?
Binu_5
Regular Advisor

Re: Restrict NIS users

Hi

I have an NIS server here and all the users are configured on this server.
NIS users will log in to individual workstations. Here all the NIS users can log in to all workstations. I want to restrict some users from accessing some workstations.

Is there any setting on the workstation side?

Thanks
Binu
Vitaly Karasik_1
Honored Contributor

Re: Restrict NIS users

netgroup can help you.
see http://www.tldp.org/HOWTO/NIS-HOWTO/settingup_client.html for more.
CSG Office
Frequent Advisor

Re: Restrict NIS users

Hi Binu,

If it is NIS, then each NIS client would have "+" at the bottom of the passwd and shadow files. To remove a particular user such as jsmith, you would put "-jsmith" in passwd. Alternatively, you could take out the "+" (which includes everyone) and put "+jsmith" to make jsmith the only user able to log on with an NIS account. If you have user accounts you will never want to log on to clients, make the account's UID a low number. I don't remember what the lowest NIS UID is, but that is adjustable anyway. You may have to look for that.
Binu_5
Regular Advisor

Re: Restrict NIS users

Hi

Please find the last lines of my password file
#+::0:0:::
+binuv

I have added a user called +binuv at the end of the line and hashed (#) the above line, but still all the NIS users can log in to the system.

Thanks
Binu
Ivan Ferreira
Honored Contributor

Re: Restrict NIS users

To restrict users to specific workstations, you can use the pam_access module:

http://susefaq.sourceforge.net/howto/pam.html

Enable pam_access in /etc/pam.d/system-auth and then configure the /etc/security/access.conf file.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
RAC_1
Honored Contributor

Re: Restrict NIS users

Use netgroup file.
man netgroup for details.

You can also put as follows in passwd file.

-user_name1
-user_name2
There is no substitute to HARDWORK
Ross Minkov
Esteemed Contributor

Re: Restrict NIS users

When you have "passwd: files nis" in /etc/nsswitch.conf file you do not need to include + entry in /etc/passwd to allow for NIS logins. In that case all users with NIS accounts can login to the system.

To be able to restrict interactive access to the system to a subset of the NIS users you can use the +/- semantics syntax in /etc/passwd as follows:
+nisuser ==> include the specified user from NIS passwd.byname
-nisuser ==> exclude the specified user
+@netgroup ==> include all users in the netgroup
-@netgroup ==> exclude all users in the netgroup
+ ==> include everything, except excluded users

To allow for this syntax in /etc/passwd the "compat" source should be used for passwd in /etc/nsswitch.conf. It reads /etc/passwd for getpwnam() functions and, if it finds +/- entries, invokes an appropriate source. In case you need to use it, the "compat" source also provides full +/- semantics for /etc/group.

HTH,
Ross
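The dependency Ross describes (the +/- lines in /etc/passwd only mean something when nsswitch.conf uses the "compat" source) can be checked mechanically. The sketch below is an added example, not code from any poster in this thread; the function names and the sample file contents are assumptions made for illustration.

```python
import re

# Constructed sample input: file contents shaped like the ones posted in the thread.
SAMPLE_NSSWITCH = "passwd: files nis\nshadow: files nis\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\n#+::0:0:::\n+binuv\n"

def nss_sources(nsswitch_text, database):
    """Return the lookup sources configured for one nsswitch.conf database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])  # drop [NOTFOUND=return] actions
            return spec.split()
    return []

def compat_entries(passwd_text):
    """Classify the +/- lines of a passwd file by the forms listed in the post above."""
    found = {"include_all": False, "include": [], "exclude": [], "unrecognized": []}
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line[0] not in "+-":
            continue  # local account, blank line, or a commented-out entry
        name = line.split(":", 1)[0]
        if name == "+":
            found["include_all"] = True
        elif name == "-":
            found["unrecognized"].append(line)  # a bare "-" is not one of the listed forms
        elif name[0] == "+":
            found["include"].append(name[1:])
        else:
            found["exclude"].append(name[1:])
    return found

def audit(nsswitch_text, passwd_text):
    """Return findings about whether the +/- entries can restrict NIS users."""
    sources = nss_sources(nsswitch_text, "passwd")
    entries = compat_entries(passwd_text)
    findings = []
    if "compat" not in sources:
        findings.append("passwd source is %r: +/- entries are not interpreted" % " ".join(sources))
        if "nis" in sources:
            findings.append("every NIS account resolves on this host")
    elif entries["include_all"]:
        findings.append("'+' admits all NIS users except: %s" % (", ".join(entries["exclude"]) or "none"))
    else:
        findings.append("only these NIS users/netgroups resolve: %s" % (", ".join(entries["include"]) or "none"))
    for line in entries["unrecognized"]:
        findings.append("entry %r matches none of the +/- forms" % line)
    return findings
```

The audit covers name resolution only; whether a login is then refused is a separate question, as the later posts in this thread show.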
Artur Shnayder
New Member

Re: Restrict NIS users

I've added the following configuration in /etc/passwd file:
+@admin:::::::
-::::::::

When users from other than the admin netgroup connect to the host, they get something like:
id: cannot find name for group ID 6553
id: cannot find name for user ID 925

but they are still able to log in. Is there any way to prevent login permissions for these users?
Ross Minkov
Esteemed Contributor

Re: Restrict NIS users

Artur,

Try this:

1. Only add the following to /etc/passwd:

+@admin

Remove any lines that have ::::...
Also make sure you don't have a "+" line in it.

2. Add the following line to /etc/group:

+

3. Change your /etc/nsswitch.conf to have:

passwd: compat
shadow: compat
group: compat


HTH,
Ross
Artur Shnayder
New Member

Re: Restrict NIS users

"+" in the /etc/group file removed GID error message, all the rest is the same.
I forgot to mention that it's RHE3 update 4.
I guess the problem is somewhere in pam modules.
Binu_5
Regular Advisor

Re: Restrict NIS users

Hi

I have added only one user in /etc/security/access.conf, in the following format:
+:alphy
but still other users can access the system.

Thanks
Binu