November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

Categories

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

How to set Access/Restrictions on users logins


Time Based Restrictions

These examples will limit the login times of certain users. See /etc/security/time.conf for more information/examples. In order to place time restrictions on user logins, the following must be placed in /etc/pam.d/login:

account required /lib/security/pam_time.so

The remaining lines should be placed in /etc/security/time.conf.

1. Only allow user mohan to login during on weekdays between 7 am and 5 pm.

login;*;mohan;Wd0700-1700

2. Allow users A & B to login on all days between 8 am and 5 pm except for Sunday.

login;*;A|B;AlSu0800-1700

If a day is specified more than once, it is unset. So in the above example, Sunday is specified twice (Al = All days, Su = Sunday). This causes it to be unset, so this rule applies to all days except Sunday.

Access Based Restrictions
/etc/security/access.conf can be used to restrict access by terminal or host. The following must be placed in /etc/pam.d/login in order for these examples to work:

account required /lib/security/pam_access.so

1. Deny mohan login access on all terminals except for tty1:

-:mohan:ALL EXCEPT tty1

2. Users in the group operator are only allowed to login from a local terminal:

-:operator:ALL EXCEPT LOCAL

3. Allow user A to only login from a trusted server:

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>