Top Forums UNIX for Dummies Questions & Answers Restricting access to a machine by IP Address Post 41946 by hassan2 on Sunday 19th of October 2003 05:27:32 PM
Old 10-19-2003
Solaris 9 comes with tcpwrapper, which you can use to restrict access to certain IP addresses.

To enable tcpwrapper, edit /etc/inetd.conf or /etc/inet/inetd.conf
to restrict telnet access.

Do the following:
Change this

telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd

to

telnet stream tcp6 nowait root /usr/local/bin/tcpd /usr/sbin/in.telnetd

Then edit /etc/hosts.allow and add the entry

in.telnetd: x.x.x.x

Also edit /etc/hosts.deny and add the entry

ALL: ALL

You can also do the above to restrict IP access for ftp, rsync, rcp, ssh and so on.

Note:

x.x.x.x is the IP address you want to allow access from; it can also be in the form x.x.0.0/255.255.0.0
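
An added example, not part of the original post: a small Python model of the order in which tcpd consults the two files (hosts.allow first, then hosts.deny, otherwise access is granted), useful for checking a rule set before reloading inetd. It covers only IPv4 clients and the ALL, single-address, address-prefix and net/mask patterns; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def client_matches(pattern, ip):
    """Match one client pattern against an IPv4Address (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 10.20.0.0/255.255.0.0
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ip) & mask) == net
    if pattern.endswith("."):  # address prefix, e.g. "192.0.2."
        return str(ip).startswith(pattern)
    return pattern == str(ip)  # single address

def file_matches(text, daemon, ip):
    """True if any 'daemon_list : client_list' rule in the file text matches."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
            client_matches(c, ip) for c in clients
        ):
            return True
    return False

def tcpd_decision(allow_text, deny_text, daemon, client):
    """Apply the tcpd order: hosts.allow first, then hosts.deny, otherwise grant."""
    ip = ipaddress.IPv4Address(client)
    if file_matches(allow_text, daemon, ip):
        return "granted"
    if file_matches(deny_text, daemon, ip):
        return "denied"
    return "granted"  # nothing matched in either file

# Constructed sample files (documentation addresses, not from the post).
HOSTS_ALLOW = "in.telnetd: 192.0.2.10, 10.20.0.0/255.255.0.0\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for client in ("192.0.2.10", "10.20.7.9", "10.21.0.1"):
        print(client, tcpd_decision(HOSTS_ALLOW, HOSTS_DENY, "in.telnetd", client))
    # Without the ALL: ALL entry, an unlisted client falls through to "granted".
    print("empty hosts.deny:", tcpd_decision(HOSTS_ALLOW, "", "in.telnetd", "10.21.0.1"))
    # A rule keyed on the service name does not match the daemon process name.
    print("wrong name:", tcpd_decision("telnet: 192.0.2.10\n", HOSTS_DENY, "in.telnetd", "192.0.2.10"))
```

The last two cases are the ones to check on a real host: an empty or missing hosts.deny leaves every unlisted client allowed, and rules are matched on the daemon process name (in.telnetd), not the service name in inetd.conf.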
 

xpaacl(7)							SAORD Documentation							 xpaacl(7)

NAME
       XPAAcl - Access Control for XPA Messaging

SYNOPSIS
       XPA supports host-based access control for each XPA access point. You can enable/disable access control using the XPA_ACL environment variable. You can specify access to specific XPA access points for specific machines using the XPA_DEFACL and XPA_ACLFILE environment variables. By default, an XPA access point is accessible only to processes running on the same machine (same as X Windows).

DESCRIPTION
       When INET sockets are in use (the default, as specified by the XPA_METHOD environment variable), XPA supports a host-based access control mechanism for individual access points. This means that access can be specified for get, set, or info operations for each access point on a machine by machine basis. For LOCAL sockets, access is restricted (by definition) to the host machine.

       XPA access control is enabled by default, but can be turned off by setting the XPA_ACL environment variable to false. In this case, any process can access any XPA server.

       Assuming that access control is turned on, the ACL for an individual XPA access point is set up when that access point is registered (although it can be changed later on; see below). This can be done in one of two ways:

       Firstly, the XPA_ACLFILE environment variable can be defined to point to a file of access controls for individual access points. The format of this file is:

         class:name ip acl

       The first argument is a template that specifies the class:name of the access point covered by this ACL. See XPA Access Points and Templates for more information about xpa templates.

       The second argument is the IP address (in human-readable format) of the machine which is being given access. This argument can be * to match all IP addresses. It also can be $host to match the IP address of the current host.

       The third argument is a string combination of s, g, or i to allow xpaset, xpaget, or xpainfo access respectively. The ACL argument can be + to give sgi access or it can be - to turn off all access.

       For example,

         *:xpa1 somehost sg
         *:xpa1 myhost +
         * * g

       will allow processes on the machine somehost to make xpaget and xpaset calls, allow processes on myhost to make any call, and allow all other hosts to make xpaget (but not xpaset) calls.

       Secondly, if the XPA_ACLFILE does not exist, then a single default value for all access points can be specified using the XPA_DEFACL environment variable. The default value for this variable is:

         #define XPA_DEFACL "*:* $host +"

       meaning that all access points are fully accessible to all processes on the current host. Thus, in the absence of any ACL environment variables, processes on the current host have full access to all access points created on that host. This parallels the X11 xhost mechanism.

       Access to an individual XPA access point can be changed using the -acl parameter for that access point. For example:

         xpaset -p xpa1 -acl "somehost -"

       will turn off all access for somehost to the xpa1 access point, while:

         xpaset -p XPA:xpa1 -acl "beberly gs"

       will give beberly xpaget and xpaset access to the access point whose class is XPA and whose name is xpa1.

       Similarly, the current ACL for a given access point can be retrieved using:

         xpaget xpa1 -acl

       Of course, you must have xpaget access to this XPA access point to retrieve its ACL.

       Note that the XPA access points registered in the xpans program also behave according to the ACL rules. That is, you cannot use xpaget to view the access points registered with xpans unless you have the proper ACL.

       Note also that when a client request is made to an XPA server, the access control is checked when the initial connection is established. The access in effect at that time remains in effect so long as the client connection is maintained, regardless of whether the access for that XPA is changed later on.

       We recognize that host-based access control is only relatively secure and will consider more stringent security (e.g., private key) in the future if the community requires such support.

SEE ALSO
       See xpa(7) for a list of XPA help pages

version 2.1.14                          June 7, 2012                          xpaacl(7)
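
An added example, not code from XPA or from this manual page: a small Python model of the ACL file format described above, for checking which operations a given client address would be allowed. It assumes entries are tried in file order with the first match deciding, that templates are shell-style globs, that a template without a colon is a name with class *, and that a request matching no entry is refused; the addresses are constructed.

```python
from fnmatch import fnmatchcase

def parse_acl(text):
    """Parse 'class:name ip acl' lines into (class, name, ip, perms) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        template, ip, acl = fields
        # Assumption: a template without a colon is a name with class "*".
        xclass, name = template.split(":", 1) if ":" in template else ("*", template)
        perms = {"+": "sgi", "-": ""}.get(acl, acl)  # + is full access, - is none
        entries.append((xclass, name, ip, perms))
    return entries

def xpa_allowed(entries, xclass, name, client_ip, op, local_ip):
    """Return True if op ('s', 'g' or 'i') is permitted for client_ip."""
    for e_class, e_name, e_ip, perms in entries:
        if e_ip == "$host":  # $host stands for the address of the current host
            e_ip = local_ip
        if (fnmatchcase(xclass, e_class) and fnmatchcase(name, e_name)
                and e_ip in ("*", client_ip)):
            return op in perms  # assumption: first matching entry decides
    return False  # assumption: no matching entry means no access

# Constructed sample: the manual's example with addresses in place of host names.
LOCAL_IP = "192.0.2.1"
ACL_FILE = "*:xpa1 192.0.2.10 sg\n*:xpa1 $host +\n* * g\n"
DEFAULT_ACL = "*:* $host +"

if __name__ == "__main__":
    acl = parse_acl(ACL_FILE)
    for client in ("192.0.2.10", LOCAL_IP, "198.51.100.7"):
        ops = [op for op in "sgi" if xpa_allowed(acl, "XPA", "xpa1", client, op, LOCAL_IP)]
        print(client, "".join(ops) or "-")
```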