Restrict access to specific users.


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Restrict access to specific users.
# 1  
Old 08-21-2008
Restrict access to specific users.

Hi All!
I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses).

OS : Red hat linux


Thanks!
nua7
# 2  
Old 08-21-2008
Depending on the type of access, you can use "TCP wrappers" or "iptables". Do a search for them to find out about them... some services have built-in facilities for controlling access by IP address; if you tell us which type of access you are trying to restrict we may be able to help further.
# 3  
Old 08-21-2008
are you refering to deny ssh login ?
in redhat you have pam for that.
you can also simple ban the hole ip (in all ports and services) by adding them to /etc/host.deny (might be /etc/hosts.deny
# 4  
Old 08-21-2008
Instead of predicting things, its better if you provide what type of restriction are you looking for ?

- nilesh
# 5  
Old 08-22-2008
Hi All,
I am sorry for not giving all the information. But here is my actual need. I would be having Oracle database on a Red hat Linux server which would listen to Port 1521(Default port for oracle).

I need to restrict users to this Port.I thought two solutions for this using iptables.

Solution 1 : Set the firewall with iptables rules, to allow ip addresses of a particular subnet to access the Oracle port.Using this rule only machines on the DBserver's subnet are able to communicate with it on Port 1521.

Code:
iptables -A INPUT -i eth0 -p tcp --dport 1521 -s ! <subnet mask value>

Solution 2:
Have a list of all valid IP's in a file and set a rule in the iptable to allow access to those IP addreesses only.
Code:
iptables -P FORWARD DROP 
for mac in $(cat ipaddressfile); do 
iptables -A FORWARD -m mac --mac-source $mac -j ACCEPT 
done

Please let me know if I am on the right track or if something else needs to be done.Also kindly let me know , which solution would work better looking at the security point of view.

Thanks!
nua7
# 6  
Old 08-25-2008
It seems to me like the first option would be a lot easier to maintain over time. I can't really comment on the security point of view because it depends on the sensitivity of your data and the security of the network the system is on. There should be security built-in to the database access anyway, so hopefully anything you are donig here is going above and beyond the call of duty anyway?
# 7  
Old 08-27-2008
Hi!
Finally it has been decided that specfic ip addresses should be allowed to access the database port. Solution 2 which is in my previous post.

Please let me know if you have any suggestions in the solution 2 I mentioned.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

How to Limit ftp access parameters for specific users?

Dear friends, :) I create new user useradd -g other -d /export/home/sltftp -m -s /bin/bash -c "SLT user account for TMA ftp backup" sltftp now i need do restrict thees chmod delete overwrite rename from this user:(for all the files in the server ,sltftp user can only able to download... (4 Replies)
Discussion started by: darakas
4 Replies

2. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

3. Solaris

How to restrict rm -rf * to users other than root?

I'm using Solaris 10. I want to restrict users from executing this dangerous command. rm -rf * But they should be able to perform the below actions: rm -rf *.* rm -rf filename rm -rf directory Is it possible? If yes then pls let me know how to do it? (7 Replies)
Discussion started by: Arun_Linux
7 Replies

4. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

5. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

6. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

7. Solaris

To restrict the users not to change the passwords for NIS users

Hi All, How to restrict the NIS users not to change their passwords in for NIS users?? and my NIS user is unable to login to at client location what could be the problem for this ? Any body can help me. Thanks in advance. (1 Reply)
Discussion started by: Sharath Kumar
1 Replies

8. Red Hat

Restrict local users to access ftp

Hi, I had installed vsftp in rhel5 and i want to restrict all the local users from accessing the ftp. i want to allow specific users to access the ftp server. Request you to please help. Thanks & regards Arun (1 Reply)
Discussion started by: Arun.Kakarla
1 Replies

9. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

10. UNIX for Dummies Questions & Answers

Restrict users to certain functions

Hi Gurus, Tried searching for something similiar in this forum but not really what i want. This is my case: I have about 20 users running on sun workstation. We have done a upgrade recently and right now it seems that the users can access to terminal and console which they are not suppose... (12 Replies)
Discussion started by: lweegp
12 Replies
Login or Register to Ask a Question