Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict service account from direct interactive sessions
Top Forums UNIX for Advanced & Expert Users Restrict service account from direct interactive sessions Post 303024298 by Peasant on Friday 5th of October 2018 12:16:58 PM
Old 10-05-2018
Looks unreasonably complex to implement yes, with requests for functionality overlapping.

Is there another approach for desired outcome ?
Perhaps some web server and actual application....

You will have many issues with implementing your entire functionality using one user and SSH protocol.
If you manage to do that in the end you will have a hacky mess.

Perhaps more service users with separated privileges.
Linux and unix systems are multi user environments in their essence, so exploit that as much as you can.

Hope that helps
Regards
Peasant.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to restrict account to one log-in?

Our users have the tendency to use only one login account, to do their jobs. Obvious itīs a matter of training our users. But our internal audit team insists on restrictions from our system. So is there an option to restrict an account to only login once into the system? We use HP-UX 11.0. ... (0 Replies)
Discussion started by: Egroman
0 Replies

2. Homework & Coursework Questions

Help with Interactive / Non Interactive Shell script

Q. Write a script that behaves both in interactive and non interactive mode. When no arguments are supplied it picks up each C program from the directory and prints first 10 lines. It then prompts for deletion of the file. If user supplies arguments with the script , then it works on those files... (1 Reply)
Discussion started by: rits
1 Replies

3. Homework & Coursework Questions

How to write script that behaves both in interactive and non interactive mode

Q. Write a script that behaves both in interactive and non interactive mode. When no arguments are supplied it picks up each C program from the directory and prints first 10 lines. It then prompts for deletion of the file. If user supplies arguments with the script , then it works on those files... (8 Replies)
Discussion started by: rits
8 Replies

4. Solaris

Direct/scsu access to unix account

Hey Is there any way to differentiate if a user is logged directly into a UNIX functional account or if they have scsu'ed into the functional account? Cheers Paul (2 Replies)
Discussion started by: runnerpaul
2 Replies

5. Shell Programming and Scripting

Manipulating sed Direct Input to Direct Output

Hi guys, been scratching round the forums and my mountain of resources. Maybe I havn't read deep enough My question is not how sed edits a stream and outputs it to a file, rather something like this below: I have a .txt with some text in it :rolleyes: abc:123:xyz 123:abc:987... (7 Replies)
Discussion started by: the0nion
7 Replies

6. Red Hat

Su-only account with ssh capability and no interactive login

Hello experts, Is it possible to have an user account on RHEL 6.3 as a su-only account, but with ssh capability and no interactive login? Let me elaborate. Say, we have a cluster of 5 RHEL 6.3 servers and an user account (strmadmin) on each of the server as an su-only... (1 Reply)
Discussion started by: naveendronavall
1 Replies

7. AIX

Can I restrict IP and AIX account at the same time?

Hi Everyone, I want to know is it possible, restrict user login to AIX by IP and user name? e.g. user alice can login to AIX (via ssh or telnet) from 192.168.1.100 user alice can not login to AIX (via ssh or telnet) from 172.16.1.100 user bob can not login to AIX (via ssh or telnet)... (6 Replies)
Discussion started by: nnnnnnine
6 Replies

8. AIX

Procedure to restrict direct access as root

Hello, I would like to confirm whether the below procedure is correct. disabled direct super user access on AIX server using below procedure. Please let me know if there is any additional step. 1) confirm the access to HMC, console to reach the LPARs 2) chuser rlogin=false root ... (3 Replies)
Discussion started by: dio34
3 Replies

9. UNIX for Beginners Questions & Answers

Allow AD service account SSH to Linux systems without 2FA

I have Windows AD server and all of the linux computers are joined to AD. Recently, 2FA has been activated, I wish to exclude some of the domain service accounts from 2FA # less /etc/pam_radius_acl.conf sshd:* # /etc/pam.d/sshd auth required pam_sepermit.so auth requisite... (0 Replies)
Discussion started by: davidpar007
0 Replies

LEARN ABOUT DEBIAN

nns_intro

nns_intro(3tcl) 					       Name service facility						   nns_intro(3tcl)

__________________________________________________________________________________________________________________________________________________

NAME

       nns_intro - Name service facility, introduction

DESCRIPTION

       nns  (short for nano nameservice) is a facility built for the package comm, adding a simple name service to it.	It is also built on top of
       comm, using it for the exchange of messages between the client and server parts.

       This name service facility has nothing to do with the Internet's Domain Name System, otherwise known as DNS. If the reader is looking for a
       package dealing with that please see either of the packages dns and resolv, both found in Tcllib too.

       Tcllib provides 2 applications and 4 packages which are working together and provide access to the facility at different levels.

APPLICATIONS

       The  application  nnsd  provides a simple name server which can be run by anybody anywhere on their system, as they see fit.  It is also an
       example on the use of the server-side package nameserv::server.

       Complementing this server is the nns client application.  A possible, but no very sensible use would be to enter name/port bindings into  a
       server from a shell script. Not sensible, as shell scripts normally do not provide a comm-based service.

       The  only  case for this to make some sense would be in a shell script wrapped around a Tcl script FOO which is using comm, to register the
       listening port used by FOO.  However even there it would much more sensible to extend FOO to use the nameservice directly. And in regard on
       how  to	that  nns  can	be used as both example and template.  Beyond that it may also be useful to perform nameservice queries from shell
       scripts.

       The third application, nnslog is a stripped down form of the nns client application. It is reduced to perform a continuous search  for  all
       changes and logs all received events to stdout.

       Both clients use the nameserv::auto package to automatically hande the loss and restoration of the connection to the server.

PACKAGES

       The  two  main  packages  implementing the service are nameserv and nameserv::server, i.e. client and server. The latter has not much of an
       API, just enough to start, stop, and configure it. See the application nnsd on how to use it.

       The basic client, in package nameserv, provides the main API to manipulate and query the service. An example of its use is the  application
       nns.

       The  second  client  package,  nameserv::auto is API compatible to the basic client, but provides the additional functionality that it will
       automatically restore data like bound names when the connection to the name service was lost and then reestablished. I.e. it  automatically
       detects the loss of the server and re-enters the data when the server comes back.

       The  package  nameserv::common is of no interest to users. It is an internal package containing code and definitions common to the packages
       nameserv and nameserv::server.

       All packages use the uevent package for the reporting of special circumstances via events, and reserve the uevent-tag  nameserv	for  their
       exclusive use. All their events will be posted to that tag.

INTERNALS

       The  document  Name  service  facility, client/server protocol specifies the protocol used by the packages nameserv and nameserv::server to
       talk to each other. It is of no interest to users of either the packages or applications.

       Developers wishing to modify and/or extend or to just understand the internals of the nameservice facility however are strongly advised	to
       read it.

BUGS, IDEAS, FEEDBACK
       This  document,	will  undoubtedly  contain bugs and other problems.  Please report such in the category nameserv of the Tcllib SF Trackers
       [http://sourceforge.net/tracker/?group_id=12883].  Please also report any ideas for enhancements you may have  for  either  package  and/or
       documentation.  Please also report any ideas for enhancements you may have.

SEE ALSO

       nameserv(3tcl), nameserv::auto(3tcl), nameserv::common(3tcl), nameserv::protocol(3tcl), nameserv::server(3tcl), nnsd(3tcl), nss(3tcl)

KEYWORDS

       client, name service, server

CATEGORY

       Networking

COPYRIGHT

       Copyright (c) 2008 Andreas Kupries <andreas_kupries@users.sourceforge.net>

nns									1.0							   nns_intro(3tcl)
All times are GMT -4. The time now is 01:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy