How to use PAM to restrict HTTP access for some users?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by MaxB on Ask Ubuntu See other posts from Ask Ubuntu or by MaxB
Published on 2013-02-25T15:36:24Z Indexed on 2013/10/26 22:16 UTC
Read the original article Hit count: 256

Filed under:
|
|

I've read that PAM can be used to restrict HTTP access for some users, but I can't figure out how to do it in Ubuntu 12.04.

The /etc/security/time.conf man page contains this example:

All users except for root are denied access to console-login at all times:

    login ; tty* & !ttyp* ; !root ; !Al0000-2400

For this to work, /etc/pam.d/login needs to have a line

account    requisite  pam_time.so

This example works, and I tried to adapt it to limit HTTP access from the console. I added

http ; tty* & !ttyp* ; !root ; !Al0000-2400

to /etc/security/time.conf, and created /etc/pam.d/http with

account    requisite  pam_time.so

This doesn't work. I can still use wget as non-root from the console.

© Ask Ubuntu or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about networking

Related posts about permissions

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle