Welcome to Linux Forums!

With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.

Linux Forum ArticlesLinux ForumsLinux Forum DownloadsLinux Hosts
Home|Register|FAQ|Member List|Calendar|Unanswered Posts|Forum Rules|Today's Posts|Advanced Search|
SEARCH FOR IN
Go Back   Linux Forums > GNU Linux Zone > Linux Security
Reload this Page Can I limit the IP access for user?
Linux Forums
Linux Forums
Welcome To The Linux Forums!
Welcome to Linux Forums. We pride ourselves in being one of the largest Linux communities on the web, we encourage you to REGISTER on our forums and participate in the community. There are over 150,000 members ready to answer your questions. JOINING US today will allow you to make new posts, get support, send messages to other members and submit downloads to our downloads directory and many other great features!

Linux Security Discussion about keeping your machines secure, and the crackers out.

Reply
 
Thread Tools Display Modes
Old 04-12-2008   #1 (permalink)
kdman
Just Joined!
 
Join Date: Apr 2008
Posts: 20
Can I limit the IP access for user?
I mean: can I prevent any access for some user else from a specified IP/IP's ?
I know it can be for the whole server, but I need to set an IP access for each user.

By theway, can I limit the qouta also
kdman is offline   Reply With Quote
Old 04-12-2008   #2 (permalink)
ynilesh
Linux Newbie
 
Join Date: Feb 2008
Location: Bangalore, India
Posts: 112
Send a message via Yahoo to ynilesh
I am not sure about setting ip per user. but you can set quota on different users. Please follow the link link, http://www.redhat.com/docs/manuals/l...sk-quotas.html
__________________
bigunix.blogspot.com
Registered Linux User: #476440
ynilesh is offline   Reply With Quote
Old 04-12-2008   #3 (permalink)
anomie
Linux Guru
 
anomie's Avatar
 
Join Date: Mar 2005
Location: Texas
Posts: 1,699
Quote:
Originally Posted by kdman
I mean: can I prevent any access for some user else from a specified IP/IP's ?
I know it can be for the whole server, but I need to set an IP access for each user.
For what service?
__________________
FreeBSD Handbook & FAQ // CentOS wiki
anomie is offline   Reply With Quote
Old 04-13-2008   #4 (permalink)
kdman
Just Joined!
 
Join Date: Apr 2008
Posts: 20
ynilesh: thanks for quota

anomie: I need to limit IP access for shell user who created by "adduser" command.
kdman is offline   Reply With Quote
Old 04-17-2008   #5 (permalink)
ynilesh
Linux Newbie
 
Join Date: Feb 2008
Location: Bangalore, India
Posts: 112
Send a message via Yahoo to ynilesh
Question : I need to limit IP access for shell user who created by "adduser" command.

Does it mean you want to restrict local users not to ssh/scp/ftp using your ip address?

If yes there is a workaround if its service base.... i have not tried this anywhere.

1. which {service name} ...
`which sshd`
/usr/sbin/sshd

2. check `ls -al /usr/sbin/sshd`
-rwxr-xr-x 1 root root 368068 2008-04-02 00:33 /usr/sbin/sshd

3. Create group of users whom you want to give access, rest will be denied to access service.
groupadd {groupname} -
ex. `groupadd allowaccess`

4. Give execute permission to this group only.
chgrp allowaccess /usr/sbin/sshd
chmod 750 /usr/sbin/sshd

5. Check if your denied users still can access the service.

Follow the same procedure for other services
__________________
bigunix.blogspot.com
Registered Linux User: #476440
ynilesh is offline   Reply With Quote
Old 04-17-2008   #6 (permalink)
kdman
Just Joined!
 
Join Date: Apr 2008
Posts: 20
Thanks, but that is not what I need.
I offer some shell account and for security reasons, I wan't that account can be access from the client IP only.
I don't wish any hacker can access it even if he got the use and password.
kdman is offline   Reply With Quote
Old 04-19-2008   #7 (permalink)
ynilesh
Linux Newbie
 
Join Date: Feb 2008
Location: Bangalore, India
Posts: 112
Send a message via Yahoo to ynilesh
Use tcp wrappers which allow/deny access to the ip's, network on service level. You need not to create seperate shell account for that...

Allow sshd service access to only known ip's and network.
__________________
bigunix.blogspot.com
Registered Linux User: #476440
ynilesh is offline   Reply With Quote
Old 04-22-2008   #8 (permalink)
i92guboj
Linux Engineer
 
Join Date: Nov 2007
Location: Córdoba (Spain)
Posts: 1,036
You all should read on iptables. It can do that and much more. It's not trivial to learn, though.

There are some frontends available, like shorewall, and even graphical ones. But for advanced stuff you'll actually need to learn iptables, since the frontends can never match all the features and flexibility of iptables.
i92guboj is online now   Reply With Quote
Old 04-22-2008   #9 (permalink)
kdman
Just Joined!
 
Join Date: Apr 2008
Posts: 20
i92guboj : Great advice, Thanks a lot
kdman is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT. The time now is 06:39 AM.



Contact Us | Advertise | Archive | Top
© 2000 - 2008 - All Rights Reserved - Property of  MAS Media

Content Relevant URLs by vBSEO 3.0.0