Koozali.org: home of the SME Server

Remote Access Rights

steve

Remote Access Rights
« on: January 15, 2002, 01:38:51 AM »
It would be nice to be able to have only certain accounts have PPTP access.
When PPTP is enabled, ANY account on the e-smith server can be used to VPN into the e-smith server (even Admin, but not ROOT).
This means that your security is only as strong as your weakest account's username and password.
I found this out by having a test account "bob" with the password "cat".
VPN'd right in with those credentials, scared the heck out of me.

Time to get rid of the old "test" account!

Charlie Brady

Re: Remote Access Rights
« Reply #1 on: January 15, 2002, 11:57:55 PM »
steve wrote:

> It would be nice to be able to have only certain accounts
> have PPTP access.
> When PPTP is enabled, ANY account on the e-smith server can
> be used to VPN into the e-smith server (even Admin, but not
> ROOT).

For any account that you do not wish to have PPTP remote access, do:

# user is called "foo"
/sbin/e-smith/db accounts setprop foo PPTPAccess off
/sbin/e-smith/signal-event remoteaccess-update

Regards

Charlie

steve

Re: Remote Access Rights
« Reply #2 on: January 17, 2002, 09:40:16 PM »
Cool Charlie, thanks.

By the looks of what you wrote, there are a bunch of options that can be set this way.
Any way to get a list of them??

Steve

Greg O

Re: Remote Access Rights
« Reply #3 on: January 24, 2002, 07:52:33 AM »
Thanks also Charlie (:

You piqued my curiosity with that question as well, so I went to
/sbin/e-smith & looked at the dir contents.
Also, I ran "/sbin/e-smith/signal-event ?"
It gave me an error message, but also told me the dir where events are held: /etc/e-smith/events
So I went there and listed the contents as well.

So, there's ya list, what good it will do I dunno (:

Greg.

robert

Re: Remote Access Rights
« Reply #4 on: January 24, 2002, 02:48:14 PM »
Greg O wrote:
>
> Thanks also Charlie (:
>
> You piqued my curiosity with that question as well, so I went
> to
> /sbin/e-smith & looked at the dir contents.
> Also, I ran "/sbin/e-smith/signal-event ?"
> It gave me an error message, but also told me the dir where
> events are held: /etc/e-smith/events
> So I went there and listed the contents as well.
>
> So, there's ya list, what good it will do I dunno (:
>
> Greg.

The interesting bits are not the events, but the settable properties in the configuration database.

Matthew Herbert

Re: Remote Access Rights
« Reply #5 on: February 18, 2002, 10:32:36 AM »
Does anyone know how to have these properties set to disabled automatically when you create a new user?  I presume there is a script that sets the default properties for a user when created?  I will only want one or two users to have PPTP access and remembering to disable the access manually every time a new account is created may be a problem.

Thanks

Charlie Brady

Re: Remote Access Rights
« Reply #6 on: March 05, 2002, 07:01:11 AM »
Matthew Herbert wrote:

> Does anyone know how to have these properties set to disabled
> automatically when you create a new user?  I presume there is
> a script that sets the default properties for a user when
> created?  I will only want one or two users to have PPTP
> access and remembering to disable the access manually every
> time a new account is created may be a problem.

Add an action script to the user-create event directory which does nothing but set the property to disabled. Or, to be more correct, add that script to /etc/e-smith/events/actions, and symlink it into the user-create directory. See http://www.e-smith.org/custom/ for more detail.

Charlie
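
The action script described in Reply #6, written out as an added example (not from the thread or from the e-smith project). It assumes the event system passes the event name as $1 and the new account name as $2; the script name pptp-default-off, the S90 link prefix, the account-name pattern and the ESMITH_DB override are hypothetical.

```shell
#!/bin/sh
# Added example: default PPTPAccess to "off" for every newly created user.
# Assumptions (not from the thread): actions receive the event name as $1
# and the new account name as $2; the file name and S90 prefix are made up.
#
# Install, following the layout described in Reply #6:
#   cp pptp-default-off /etc/e-smith/events/actions/
#   chmod 755 /etc/e-smith/events/actions/pptp-default-off
#   ln -s ../actions/pptp-default-off \
#       /etc/e-smith/events/user-create/S90pptp-default-off

# Overridable only so the script can be exercised away from the server.
DB="${ESMITH_DB:-/sbin/e-smith/db}"

# Accept only plain account names (assumed pattern: a lowercase letter,
# then lowercase letters, digits, '.', '_' or '-'), so nothing unexpected
# is handed to the db command.
valid_account() {
    case "$1" in
        ''|*[!a-z0-9._-]*) return 1 ;;
        [a-z]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Set PPTPAccess off for one account; returns non-zero on any failure.
disable_pptp() {
    account="$1"
    if ! valid_account "$account"; then
        echo "pptp-default-off: refusing invalid account name" >&2
        return 2
    fi
    "$DB" accounts setprop "$account" PPTPAccess off
}

# Act only when invoked with event arguments: <event> <account>.
if [ "$#" -ge 2 ]; then
    disable_pptp "$2" || exit $?
fi
```

The manual commands in Reply #1 follow the property change with `/sbin/e-smith/signal-event remoteaccess-update`; whether the user-create event applies the new value without it is something to verify on the server.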