This is a discussion on Re: Multiple servers, restricting user commands and LDAP within the OpenSSH Development forums, part of the Networking and Network Related category.
Finlay Dobbie wrote:
>
> On 21 Feb 2005, at 20:42, Damien Miller wrote:
>> If you are using LDAP, then set posixAccount/loginShell appropriately.
>
> I know how to set a user's shell using the NIS schema. I don't see how
> that helps me, since I need to have different restricted commands for
> different hosts. If I could restrict commands by group then that'd be
> dandy.

You could have the same shell name map to different restrictions on each
host. Trivially, by symlinking the shell to the binary you want to run
(e.g. /usr/bin/cvs) or, if you wanted to be fancy, you could make that
restricted shell look up the actual commands it is supposed to execute
in LDAP too. That way the user would get a consistent response
regardless of the method by which they logged in.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
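
A sketch of the "fancy" variant described in the reply above, added here as an example and not code from the original post or from OpenSSH: one login shell installed under the same name on every host, which only runs a command line that the policy allows for the host it is running on. The policy file stands in for the LDAP lookup; its path, its `host|allowed request|fixed command` format, the install name `restricted-shell` and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: per-host restricted login shell (set as loginShell).
# POLICY_FILE stands in for the LDAP lookup (assumption). One rule per line:
#   <hostname>|<exact command line the client may request>|<fixed command to run>
POLICY_FILE=${POLICY_FILE:-/etc/restricted-shell.policy}   # hypothetical path

# Print the fixed command for (host, request) and return 0; return 1 if no rule.
lookup_command() {
    lc_host=$1 lc_req=$2 lc_file=$3
    [ -r "$lc_file" ] || return 1
    while IFS='|' read -r lc_h lc_allowed lc_target; do
        case $lc_h in ''|'#'*) continue ;; esac          # skip blanks/comments
        if [ "$lc_h" = "$lc_host" ] && [ "$lc_allowed" = "$lc_req" ]; then
            printf '%s\n' "$lc_target"
            return 0
        fi
    done < "$lc_file"
    return 1
}

# sshd starts the login shell as: <shell> -c "<command sent by the client>"
restricted_shell() {
    [ "$#" -eq 2 ] && [ "$1" = "-c" ] || {
        echo "interactive login disabled" >&2; return 1; }
    rs_target=$(lookup_command "$(uname -n)" "$2" "$POLICY_FILE") || {
        echo "command not permitted on this host" >&2; return 1; }
    # Only the policy's own text is split and executed; the client's string is
    # compared for exact equality and never evaluated by a shell.
    set -f; set -- $rs_target; set +f
    exec "$@"
}

# Dispatch only when invoked under the install name (hypothetical).
case ${0##*/} in
    restricted-shell) restricted_shell "$@" ;;
esac
```

Because the request must match a rule exactly, a client string such as `cvs server; id` is refused rather than passed to a shell.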