LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/VPN-HOWTO/x256.html

184 lines
3.4 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Restricting Users</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="VPN HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Server"
HREF="c224.html"><LINK
REL="PREVIOUS"
TITLE="User Access - letting people in"
HREF="x245.html"><LINK
REL="NEXT"
TITLE="Networking"
HREF="x265.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>VPN HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x245.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 3. Server</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x265.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN256">3.3. Restricting Users</H1
><P
>&#13;Now that you're keeping the bad people out, and only letting the good people
in, you may need to make sure that the good people behave themselves. This is
most easily done by not letting them do anything except run pppd. This may
or may not be necessary. I restrict users because the system that I maintain
is dedicated to VPN, so users have no business doing anything else on it.
</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN259">3.3.1. sudo or not sudo</H2
><P
>&#13;There is this neat little program called sudo that allows the admin on a
Unix system to grant certain users the ability to run certain programs
as root. This is necessary in this case since pppd must be run as root.
You'll need to use this method if you want to allow users shell access.
Read up on how to setup and use sudo in the sudo man page. Using sudo
is best on multi-use systems that typically host a small number of
trusted users.
</P
><P
>&#13;If you decide to not allow users to have shell access, then the best way
to keep them from gaining it is to make their shell pppd. This is
done in the /etc/passwd file. You can see <A
HREF="x227.html#passwd"
>/etc/passwd file</A
>
that I did this for the last three users. The last field of the
/etc/passwd file is the user's shell. You needn't do anything special
to pppd in order to make it work. It gets executed as root when the
user connects. This is certainly the simplest setup to be had, as well
as the most secure, and ideal for large scale and corporate
systems. I describe exactly what all needs to be done later in this
document. You can <A
HREF="user-accounts.html"
>Section 5.7</A
> if you
like.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x245.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x265.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>User Access - letting people in</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="c224.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Networking</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink