Red Hat Knowledgebase

Article Reference

Article ID: 10676
Last update: 06-20-07
Issue:
How do I restrict system logins using PAM?
Resolution:

There is a PAM module called pam_listfile.so that can restrict/allow logins to a specific list of users or groups. To allow login to only the root user and another user called bob, add this line at the top of /etc/pam.d/system-auth:

auth required /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/allowedusers

Then create the file /etc/allowedusers with the following entries:

root
bob

This prevents all users except root and bob from logging in to the system.

This configuration can be extended to groups as well, as follows:

auth required /lib/security/pam_listfile.so onerr=fail item=group sense=allow file=/etc/allowedgroups

And in /etc/allowedgroups:

wheel

This will only allow users that belong to the wheel group to log in to the system.

The test can be reversed. Suppose that user haxor should be denied login; modify the configuration file to read as follows:

auth required /lib/security/pam_listfile.so onerr=fail item=user sense=deny file=/etc/deniedusers

And in /etc/deniedusers:

haxor
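
The following preflight check is an added example, not part of the original Red Hat article. Because the module is "required" with onerr=fail, a list file that is missing (for instance, created under a name that does not match file=) fails authentication for every user, root included. The function name check_listfile, its return codes and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# check_listfile "<pam_listfile line>" [root-prefix]
# Returns 0 when the list file named by file= is safe to deploy, otherwise a
# non-zero code (codes are this example's own, not PAM's).
# root-prefix (hypothetical testing aid) is prepended to the file= path.
check_listfile() {
    line=$1
    prefix=${2:-}
    file=; sense=; item=; onerr=
    for tok in $line; do
        case $tok in
            file=*)  file=${tok#file=} ;;
            sense=*) sense=${tok#sense=} ;;
            item=*)  item=${tok#item=} ;;
            onerr=*) onerr=${tok#onerr=} ;;
        esac
    done
    [ -n "$file" ] || { echo "no file= argument" >&2; return 2; }
    path=$prefix$file
    # A missing file triggers onerr; with onerr=fail nobody can authenticate.
    if [ ! -e "$path" ]; then
        echo "$file does not exist (onerr=$onerr)" >&2
        return 3
    fi
    # pam_listfile refuses list files that are not regular files ...
    [ -f "$path" ] || { echo "$file is not a regular file" >&2; return 4; }
    # ... or that are world-writable.
    if [ -n "$(find "$path" -perm -0002)" ]; then
        echo "$file is world-writable" >&2
        return 5
    fi
    # On a user allow list, root must be present or root is locked out too.
    if [ "$sense" = allow ] && [ "$item" = user ] && ! grep -qx root "$path"; then
        echo "root is not listed in $file" >&2
        return 6
    fi
    return 0
}
```

Run it against each pam_listfile line before adding that line to /etc/pam.d/system-auth, and keep a root shell open while testing the change.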
