
User Access Control for users

Use only one of the mechanisms below, not several at once, to prevent conflicts.

PAM

Applies to all users (local or not)

/etc/security/access.conf

+:root:LOCAL
+:@rhel-app-wirefeed:ALL
-:ALL:ALL

To see which PAM-based services are using it:

# grep pam_access.so /etc/pam.d/*-auth
/etc/pam.d/fingerprint-auth:account     required      pam_access.so
/etc/pam.d/password-auth:account     required      pam_access.so
/etc/pam.d/smartcard-auth:account     required      pam_access.so
/etc/pam.d/system-auth:account     required      pam_access.so

SSSD

Applies only to LDAP users

The SSSD configuration file (/etc/sssd/sssd.conf) contains:

[domain/<DOMAIN>]
access_provider = simple
simple_allow_groups = <LDAP_GROUP1>
simple_allow_users = <LDAP_USER1>,<LDAP_USER2>

And /etc/ssh/sshd_config:

AllowGroups <GROUP1>

The LDAP configuration is working, resolving usernames and groups, as checked with:

# getent passwd <user>
# getent group <group>

SSH

How To Allow Or Deny SSH Access To A Particular User Or Group In Linux

/etc/ssh/sshd_config

...
AllowUsers user1 user2
AllowGroups root
DenyUsers sk
DenyGroups admin
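
To check a host against the "only one mechanism" rule above, the following added example (not part of the original page) reports which of the three mechanisms is active. The function names and the optional root-prefix argument are assumptions made for this example, and only the files named on this page are inspected.

```shell
#!/bin/sh
# Added example: list which access-control mechanisms from this page are
# active under a filesystem root (empty ROOT means the live system).

# active_mechanisms [ROOT] -> prints pam_access, sssd_simple and/or sshd
active_mechanisms() {
    root="${1:-}"
    # PAM: module referenced on a non-comment line of a *-auth file AND
    # access.conf holds at least one "+:" or "-:" rule.
    if grep -Eqs '^[[:space:]]*[^#[:space:]].*pam_access\.so' \
            "$root"/etc/pam.d/*-auth &&
       grep -Eqs '^[[:space:]]*[+-][[:space:]]*:' \
            "$root/etc/security/access.conf"; then
        echo pam_access
    fi
    # SSSD: a domain uses the simple access provider.
    if grep -Eqs '^[[:space:]]*access_provider[[:space:]]*=[[:space:]]*simple[[:space:]]*$' \
            "$root/etc/sssd/sssd.conf"; then
        echo sssd_simple
    fi
    # SSH: any uncommented Allow*/Deny* user or group directive
    # (sshd_config keywords are case-insensitive, hence -i).
    if grep -Eiqs '^[[:space:]]*(AllowUsers|AllowGroups|DenyUsers|DenyGroups)[[:space:]]' \
            "$root/etc/ssh/sshd_config"; then
        echo sshd
    fi
}

# check_single_mechanism [ROOT] -> exit status 0 if at most one is active
check_single_mechanism() {
    found=$(active_mechanisms "${1:-}")
    set -- $found    # word-split the names so $# is their count
    if [ "$#" -gt 1 ]; then
        echo "CONFLICT RISK: $# mechanisms active: $*"
        return 1
    fi
    echo "OK: ${found:-none} active"
    return 0
}
```

Source the file and run check_single_mechanism as root: sssd.conf is normally readable by root only, and grep -s hides the permission error.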

linux/linux_access_control.txt · Last modified: 2023/08/11 10:30 by manu