Results 1 to 2 of 2

Thread: Disable login for a group of users

  1. #1
    Join Date
    Jan 2011
    Beans
    6

    Disable login for a group of users

    The system is used as mail server and mail users have normal unix user accounts. All mail users are members of a dedicated group. This group is their primary group, specified in /etc/passwd.

    Simply setting the shell for these users to /bin/false is not an option, since their accounts must be able to execute the vacation program for Out of Office replies. Postfix will use users' login shell to execute it.

    So far, I have disabled ssh access for mail users by adding a "DenyGroups" option to /etc/ssh/sshd_config.

    Now I also want to disable login via tty1-6 and gdm. I trust that this should be possible with PAM, but right now I know nothing about PAM.

    Altering the mail server so that mail users are not system users is not an option.

    Can someone who knows PAM please give me some hints how I might achieve this?

  2. #2
    Join Date
    Jan 2011
    Beans
    6

    Re: Disable login for a group of users

    I believe I solved it:

    Add

    account required pam_access.so

    to /etc/pam.d/login and to /etc/pam.d/gdm, and add

    -:replacewithgroupname:ALL

    to /etc/security/access.conf

    I realize I might have posted to the wrong forum location. Feel free to relocate if you can.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •