Differences

This shows you the differences between two versions of the page.

--- linux:group_login_restriction [2018/10/11 16:30]
bmiddha
+++ linux:group_login_restriction [2021/05/02 21:36]
@@ Line 1: / Line 1: @@
-====== Group Login Restriction ======
-====== What is it? ======
-When provisioning a machine (bare-metal or virtual) it may often be useful to only allow a certain group of users to access this machine.  Since all our linux systems have a unified userbase via AD, we are able to identify a group of users through regular group management.
-There are a few methods that we make use of achieve these restrictions.
-===== access.conf =====
-/etc/security/access.conf
-This is the Login access control table.  In this file, you can specify users and groups that are allowed access to the machine in question.
-The following examples assume are all done within ''access.conf''
-Keep in mind that this file is parsed from top to bottom, so the **ordering of your directives DO MATTER**!
-===== Giving access to a user/group =====
-''+ : acmadmin : ALL''
-''+ : (adminGroup) : ALL''
-In this example, we are giving access (''+'') to the username ''acmadmin'' on ''ALL'' access points
-===== Deny access to everyone else =====
-''- : ALL : ALL''
-This will disallow login by all users from all sources.  **This should generally be done as the very last directive in the file.**
-In this example, we are giving access (''+'') to the username ''acmadmin'' on ''ALL'' access points
-<file|/etc/security/access.conf>
-+:root:ALL
-+:acmadmin:ALL
-+:(wheel):ALL
-+:(AcmLanAdmins):ALL
--:ALL:ALL
-</file>
-====== pam ======
-<code>auth	   required	pam_access.so</code>
-add to /etc/pam.d/login and /etc/pam.d/sshd

UIC ACM

User Tools

Site Tools

Differences

Page Tools