Hello,
At first, sorry about my English skills, I hope you guys understand me.
I just figured out that login.conf uses class parameters from the user database. So if I want to make user/group-specific restrictions for my users, I need to change their class value via
Since I'm using GID-based restrictions on my Linux systems, I don't really see the point to add another class parameter for my LDAP directory, which would do exactly the same thing as the GID in this case.
Any advice? And thank you.
At first, sorry about my English skills, I hope you guys understand me.
I just figured out that login.conf uses class parameters from the user database. So if I want to make user/group-specific restrictions for my users, I need to change their class value via
# chsh foobaruser. Since I'm using LDAP authentication for my system, this sounds like a pretty difficult way to restrict rights of all my users one-by-one -- and after editing a user with chsh, the system inserts the user into /etc/passwd where the user shouldn't be. Is there anyway to make username/UID/GID based restrictions for users? Or is it possible to use usernames in login.conf? Because I tried to find something from man pages but with bad results.Since I'm using GID-based restrictions on my Linux systems, I don't really see the point to add another class parameter for my LDAP directory, which would do exactly the same thing as the GID in this case.
Any advice? And thank you.