Limiting Users

[David Bandel]

On 3/15/07, Ken Leyba <inetken at gmail.com> wrote:
> Wow, I'm back, not that anyone ever knew me, but I was on the old Caldera

I remember you (and several others who don't hang out here anymore).

> list. I have a copy of WABI and some boxed Caldera if anyone is feeling
> nostalgic :^)

Still have mine.

>
> Anyway, I have a computer lab running CentOS with NIS and NFS.  Users can
> login to the server either from a lab workstation or ssh if off campus.
> What I want to do is create some generic user accounts for our user group to
> use when we meet.  I can block ssh from off campus but I need to limit what
> these users can do from workstations.  One suggestion was to use quotas to
> give them very little disk and maybe setup a cron job to clean up the
> directories once a week.  I was hoping to create accounts with no home but I
> need home for the Gnome stuff (I think).  So I'm looking for suggestions to
> accomplish this.

I have a computer lab set up in a school.  While everyone has an
account via NIS, for visitors and children too little to
remember/manage an account, I created a guest user local to the
machine -- no login, home directory in /var/home/guest.

Works for us.

>
> One other question, in Windows (I support both so bear with me here) I can
> limit a user login from a particular machine based on name.  For example
> user "genericuser1" can only login on to "workstation1".  Is there a way to
> do this in Linux?

Check out /etc/security/access.conf (part of all that PAM stuff).  Try
`man access.conf`.

Now if you just don't want folks in the NIS server, you don't run the
NIS client on the server and put all "banned" folks (like students)
below the +::::: line.

>
> TIA,
> Ken

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto