How to use PAM to restrict HTTP access for some users?
Posted
by
MaxB
on Ask Ubuntu
See other posts from Ask Ubuntu
or by MaxB
Published on 2013-02-25T15:36:24Z
Indexed on
2013/10/26
22:16 UTC
Read the original article
Hit count: 289
I've read that PAM can be used to restrict HTTP access for some users, but I can't figure out how to do it in Ubuntu 12.04.
The /etc/security/time.conf
man page contains this example:
All users except for root are denied access to console-login at all times:
login ; tty* & !ttyp* ; !root ; !Al0000-2400
For this to work, /etc/pam.d/login
needs to have a line
account requisite pam_time.so
This example works, and I tried to adapt it to limit HTTP access from the console. I added
http ; tty* & !ttyp* ; !root ; !Al0000-2400
to /etc/security/time.conf
, and created /etc/pam.d/http
with
account requisite pam_time.so
This doesn't work. I can still use wget
as non-root from the console.
© Ask Ubuntu or respective owner