Centos on despatcheshttps://icle.es/tags/centos/Recent content in Centos on despatchesHugoenFri, 20 Jun 2025 09:25:00 +0100Restricting Linux Logins to Specified Grouphttps://icle.es/2012/03/21/restricting-linux-logins-to-specified-group/Wed, 21 Mar 2012 11:36:45 +0000https://icle.es/2012/03/21/restricting-linux-logins-to-specified-group/<p>If you have linux boxes that authenticate over ldap but want logins for specific boxes to be restricted to a particular group, there is a simple way to achieve this.</p> <p>Firstly, create a new file called <code>/etc/group.login.allow</code> (it can be called anything - you just need to update the line below to reflect the name)</p> <p>In this file, pop in all the groups that should be able to login</p> ``` admin group1 group2 ``` <p>Edit <code>/etc/pam.d/common-auth</code> (in ubuntu), it might be called <code>/etc/pam.d/system-auth</code> or something else very similar. At the top of the file (or at least above other entries, add the following line:</p>If you have linux boxes that authenticate over ldap but want logins for specific boxes to be restricted to a particular group, there is a simple way to achieve this.

Firstly, create a new file called /etc/group.login.allow (it can be called anything - you just need to update the line below to reflect the name)

In this file, pop in all the groups that should be able to login

``` admin group1 group2 ```

Edit /etc/pam.d/common-auth (in ubuntu), it might be called /etc/pam.d/system-auth or something else very similar. At the top of the file (or at least above other entries, add the following line:

``` auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/group.login.allow ```

For the record, found this little tidbit over at the centos forums\

]]>