Find the answer to your Linux question:
Results 1 to 9 of 9
I mean: can I prevent any access for some user else from a specified IP/IP's ? I know it can be for the whole server, but I need to set ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2008
    Posts
    20

    Can I limit the IP access for user?


    I mean: can I prevent any access for some user else from a specified IP/IP's ?
    I know it can be for the whole server, but I need to set an IP access for each user.

    By theway, can I limit the qouta also

  2. #2
    Linux Newbie
    Join Date
    Feb 2008
    Location
    Bangalore, India
    Posts
    112
    I am not sure about setting ip per user. but you can set quota on different users. Please follow the link link, http://www.redhat.com/docs/manuals/l...sk-quotas.html
    bigunix.blogspot.com
    Registered Linux User: #476440

  3. #3
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Quote Originally Posted by kdman
    I mean: can I prevent any access for some user else from a specified IP/IP's ?
    I know it can be for the whole server, but I need to set an IP access for each user.
    For what service?

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Apr 2008
    Posts
    20
    ynilesh: thanks for quota

    anomie: I need to limit IP access for shell user who created by "adduser" command.

  6. #5
    Linux Newbie
    Join Date
    Feb 2008
    Location
    Bangalore, India
    Posts
    112
    Question : I need to limit IP access for shell user who created by "adduser" command.

    Does it mean you want to restrict local users not to ssh/scp/ftp using your ip address?

    If yes there is a workaround if its service base.... i have not tried this anywhere.

    1. which {service name} ...
    `which sshd`
    /usr/sbin/sshd

    2. check `ls -al /usr/sbin/sshd`
    -rwxr-xr-x 1 root root 368068 2008-04-02 00:33 /usr/sbin/sshd

    3. Create group of users whom you want to give access, rest will be denied to access service.
    groupadd {groupname} -
    ex. `groupadd allowaccess`

    4. Give execute permission to this group only.
    chgrp allowaccess /usr/sbin/sshd
    chmod 750 /usr/sbin/sshd

    5. Check if your denied users still can access the service.

    Follow the same procedure for other services
    bigunix.blogspot.com
    Registered Linux User: #476440

  7. #6
    Just Joined!
    Join Date
    Apr 2008
    Posts
    20
    Thanks, but that is not what I need.
    I offer some shell account and for security reasons, I wan't that account can be access from the client IP only.
    I don't wish any hacker can access it even if he got the use and password.

  8. #7
    Linux Newbie
    Join Date
    Feb 2008
    Location
    Bangalore, India
    Posts
    112
    Use tcp wrappers which allow/deny access to the ip's, network on service level. You need not to create seperate shell account for that...

    Allow sshd service access to only known ip's and network.
    bigunix.blogspot.com
    Registered Linux User: #476440

  9. #8
    Linux Guru
    Join Date
    Nov 2007
    Location
    Córdoba (Spain)
    Posts
    1,513
    You all should read on iptables. It can do that and much more. It's not trivial to learn, though.

    There are some frontends available, like shorewall, and even graphical ones. But for advanced stuff you'll actually need to learn iptables, since the frontends can never match all the features and flexibility of iptables.

  10. #9
    Just Joined!
    Join Date
    Apr 2008
    Posts
    20
    i92guboj : Great advice, Thanks a lot

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •