[TriLUG] how do I add an email account
Greg Cox
glcox at pobox.com
Tue Jan 27 13:43:39 EST 2004
> 1. you can create a local account and disable shell access by setting
> the login shell to /bin/false or whatever. that way it is impossible
> to login as that user, ever with the password. not exactly what you
> wanted but it's close enough for a lot of cases.
If the default of the box is permit-only-a-select-few, rather than
deny-only-a-select-few (like a mail server for a company), you may
want to use PAM.
Create a file, say, /etc/security/local_login_access.conf"
+:admin1:ALL
+:admin2:ALL
+:root:LOCAL .ourcompany.com
-:ALL:ALL
Then, add something like:
account required pam_access.so accessfile=/etc/security/local_login_access.conf
to /etc/pam.d/sshd
That lets two admins in from anywhere, root in from console or from inside
the company, and denies everyone else.
More information about the TriLUG
mailing list