The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
You can use the User Manager GUI (system-config-users) to add or delete users and groups and to modify settings such as passwords, home directories, login shells, and group membership. Alternatively, you can use commands such as useradd and groupadd.
To enable local access control, select the Enable local access control check box on the Advanced Options tab of the Authentication Configuration GUI (system-config-authentication). The system can then read the /etc/security/access.conf file for local user authorization rules that specify login combinations that the system accepts or refuses.
Figure 23.2 shows the Authentication Configuration GUI with the Advanced Options tab selected.
Alternatively, use the following command:
# authconfig --enablepamaccess --update
Each entry in /etc/security/access.conf takes the form:
permission : users : origins [ except
permission
Set to + or - to grant or deny login respectively.
users
Specifies a space-separated list of user or group names or ALL for any user or group. Enclose group names in parentheses to distinguish them from user names. You can use the EXCEPT operator to exclude a list of users from the rule.
origins
Specifies a space-separated list of host names, fully qualified domain names, network addresses, terminal device names, ALL, or NONE. You can use the EXCEPT operator to exclude a list of origins from the rule.
For example, the following rule denies login access by anyone except root from the network 192.168.2.0/24:
- : ALL except root : 192.168.2.0/24
For more information, see the access.conf(5) manual page and Chapter 24, Local Account Configuration.
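The following audit sketch is an added example, not Oracle's code or the pam_access implementation. It evaluates a rule set for a given user and origin, following the first-match and grant-when-nothing-matches behaviour described in access.conf(5). It models only ALL, EXCEPT, parenthesised groups, network addresses in prefix form, and exact host or terminal names; the sample rules after the first, the group data, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the page's rule plus two illustrative ones.
SAMPLE_RULES = """\
- : ALL except root : 192.168.2.0/24
+ : root (admins) : ALL
- : ALL : ALL
"""
SAMPLE_GROUPS = {"admins": {"alice"}}  # hypothetical group membership

def item_matches(token, value, groups, is_user):
    """Match one list item against the user name or the login origin."""
    if token.upper() == "ALL":
        return True
    if is_user:
        if token.startswith("(") and token.endswith(")"):
            return value in groups.get(token[1:-1], set())
        return token == value
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(token, strict=False)
    except ValueError:
        return token == value  # host name or terminal: exact match only

def list_matches(tokens, value, groups, is_user):
    """True if an item before EXCEPT matches and none after it does."""
    # Keyword compared case-insensitively; the page's example writes "except".
    upper = [t.upper() for t in tokens]
    cut = upper.index("EXCEPT") if "EXCEPT" in upper else len(tokens)
    hit = any(item_matches(t, value, groups, is_user) for t in tokens[:cut])
    return hit and not list_matches(tokens[cut + 1:], value, groups, is_user)

def decide(rules_text, user, origin, groups):
    """Return True (login granted) or False (denied) for user at origin."""
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"malformed rule: {raw!r}")
        if (list_matches(fields[1].split(), user, groups, True)
                and list_matches(fields[2].split(), origin, groups, False)):
            return fields[0] == "+"  # first matching rule decides
    return True  # no rule matched: access is granted by default
```

Running decide() with only the page's single rule shows that a user connecting from outside 192.168.2.0/24 is still granted access, which is why rule sets meant to be restrictive usually end with a catch-all deny entry.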