Re: Security options
From: Phil R Lawrence
Subject: Re: Security options
Date: Thu, 19 Dec 2002 13:00:14 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Yesterday we were discussing the following set-up:

- user account 'phil'
- user account 'cvs-phil' with shell /sbin/nologin
- cvs-phil has group rights to modify projects
- SSH configuration allows cvs-phil only to run cvs

As Mark pointed out, /sbin/nologin prevents phil (or anyone else) from
su'ing to cvs-phil.

However, it also prevents an SSH connection, which causes an error when
using cvs:

    cvs update: warning: unrecognized response `This account
    is currently not available.' from cvs server

My best idea is to leave cvs-phil with a regular shell, but disallow
su'ing to cvs-phil (via chuser on AIX, but how about Linux?). Since our
server will be physically secured, no one could directly log onto the
console as cvs-phil. Then SSH will be configured to only allow the cvs
command.

Any other thoughts?

Thanks,
Phil
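
The restriction described in the message above ("SSH configuration allows cvs-phil only to run cvs"), sketched as an added example that is not part of the original post: a forced-command wrapper for an OpenSSH authorized_keys entry. The wrapper name, its install path and the --gate argument are assumptions made for illustration.

```shell
#!/bin/sh
# cvs-gate: forced-command wrapper for the restricted cvs-phil account (added example).
# Assumed install path: /usr/local/bin/cvs-gate (hypothetical). Assumed entry in
# ~cvs-phil/.ssh/authorized_keys, on one line, key material replaced by a placeholder:
#   command="/usr/local/bin/cvs-gate --gate",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <PUBLIC-KEY>
# sshd starts a forced command through the account's login shell, which is why the
# account needs a regular shell rather than /sbin/nologin. What the client actually
# asked for is passed in SSH_ORIGINAL_COMMAND.

# Print "allow" only when the client requested exactly "cvs server", which is what
# a cvs client using the :ext: method sends; anything else prints "deny".
cvs_gate_decision() {
    case "$1" in
        "cvs server") echo allow ;;
        *)            echo deny ;;
    esac
}

# Enforce the decision: replace this process with cvs, or log and refuse.
cvs_gate_main() {
    requested="${SSH_ORIGINAL_COMMAND:-}"   # empty when an interactive login was attempted
    if [ "$(cvs_gate_decision "$requested")" = allow ]; then
        exec cvs server                     # fixed command line, nothing client-supplied
    fi
    logger -t cvs-gate -p auth.warning \
        "refused for ${USER:-unknown}: ${requested:-<interactive login>}" 2>/dev/null || true
    echo "This account may only be used for cvs." >&2
    return 1
}

# Act only when invoked with --gate, as in the authorized_keys line above.
if [ "${1:-}" = "--gate" ]; then
    cvs_gate_main
    exit $?
fi
```

The wrapper matches the whole requested string rather than its prefix, so a request such as "cvs server; /bin/sh" is refused instead of being passed to a shell.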