How to use PAM to restrict HTTP access for some users?

Posted by MaxB on Ask Ubuntu See other posts from Ask Ubuntu or by MaxB
Published on 2013-02-25T15:36:24Z Indexed on 2013/10/26 22:16 UTC
Read the original article Hit count: 289

Filed under:
|
|

I've read that PAM can be used to restrict HTTP access for some users, but I can't figure out how to do it in Ubuntu 12.04.

The /etc/security/time.conf man page contains this example:

All users except for root are denied access to console-login at all times:

    login ; tty* & !ttyp* ; !root ; !Al0000-2400

For this to work, /etc/pam.d/login needs to have a line

account    requisite  pam_time.so

This example works, and I tried to adapt it to limit HTTP access from the console. I added

http ; tty* & !ttyp* ; !root ; !Al0000-2400

to /etc/security/time.conf, and created /etc/pam.d/http with

account    requisite  pam_time.so

This doesn't work. I can still use wget as non-root from the console.

© Ask Ubuntu or respective owner

Related posts about networking

Related posts about permissions