Results 1 to 9 of 9
I mean: can I prevent any access for some user else from a specified IP/IP's ?
I know it can be for the whole server, but I need to set ...
- 04-12-2008 #1Just Joined!
- Join Date
- Apr 2008
- Posts
- 20
Can I limit the IP access for user?
I mean: can I prevent any access for some user else from a specified IP/IP's ?
I know it can be for the whole server, but I need to set an IP access for each user.
By theway, can I limit the qouta also
- 04-12-2008 #2Linux Newbie
- Join Date
- Feb 2008
- Location
- Bangalore, India
- Posts
- 112
I am not sure about setting ip per user. but you can set quota on different users. Please follow the link link, http://www.redhat.com/docs/manuals/l...sk-quotas.html
bigunix.blogspot.com
Registered Linux User: #476440
- 04-12-2008 #3Linux Guru
- Join Date
- Mar 2005
- Location
- Texas
- Posts
- 1,692
- 04-13-2008 #4Just Joined!
- Join Date
- Apr 2008
- Posts
- 20
ynilesh: thanks for quota
anomie: I need to limit IP access for shell user who created by "adduser" command.
- 04-17-2008 #5Linux Newbie
- Join Date
- Feb 2008
- Location
- Bangalore, India
- Posts
- 112
Question : I need to limit IP access for shell user who created by "adduser" command.
Does it mean you want to restrict local users not to ssh/scp/ftp using your ip address?
If yes there is a workaround if its service base.... i have not tried this anywhere.
1. which {service name} ...
`which sshd`
/usr/sbin/sshd
2. check `ls -al /usr/sbin/sshd`
-rwxr-xr-x 1 root root 368068 2008-04-02 00:33 /usr/sbin/sshd
3. Create group of users whom you want to give access, rest will be denied to access service.
groupadd {groupname} -
ex. `groupadd allowaccess`
4. Give execute permission to this group only.
chgrp allowaccess /usr/sbin/sshd
chmod 750 /usr/sbin/sshd
5. Check if your denied users still can access the service.
Follow the same procedure for other servicesbigunix.blogspot.com
Registered Linux User: #476440
- 04-17-2008 #6Just Joined!
- Join Date
- Apr 2008
- Posts
- 20
Thanks, but that is not what I need.
I offer some shell account and for security reasons, I wan't that account can be access from the client IP only.
I don't wish any hacker can access it even if he got the use and password.
- 04-19-2008 #7Linux Newbie
- Join Date
- Feb 2008
- Location
- Bangalore, India
- Posts
- 112
Use tcp wrappers which allow/deny access to the ip's, network on service level. You need not to create seperate shell account for that...
Allow sshd service access to only known ip's and network.bigunix.blogspot.com
Registered Linux User: #476440
- 04-22-2008 #8Linux Guru
- Join Date
- Nov 2007
- Location
- Córdoba (Spain)
- Posts
- 1,513
You all should read on iptables. It can do that and much more. It's not trivial to learn, though.
There are some frontends available, like shorewall, and even graphical ones. But for advanced stuff you'll actually need to learn iptables, since the frontends can never match all the features and flexibility of iptables.
- 04-22-2008 #9Just Joined!
- Join Date
- Apr 2008
- Posts
- 20
i92guboj : Great advice, Thanks a lot
Reply With Quote
Originally Posted by kdman 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
