((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
Kevin Steves
stevesk at pobox.com
Sat Feb 15 05:27:34 EST 2003
On Fri, Feb 14, 2003 at 01:12:41PM -0500, James Dennis wrote:
> Kevin,
>
> I think the problem is the last line.
>
> >> Condition blah haha root
> >> AllowGroups users, AllowUsers root => no no no
>
> blah, haha, and root should all be able to login, but his table shows
> that they actually cannot. I'm pretty sure thats not intended by your
> description.
>
> > if user in denyusers
> > deny
> Shouldn't affect any of them.
>
> > if #allowusers > 0 and user not in allowusers
> > deny
> root is in AllowUsers so this shouldn't deny (Unless PermitRootLogin no?)
blah and haha are denied here.
> > if user group in deny groups
> > deny
> Again, no deny directives so this shouldn't affect anyone.
>
> > if #allowgroups > 0 and user group not in allowgroups
> > deny
> blah and haha's group is in allow group so they shouldn't be denied.
root is denied here.
More information about the openssh-unix-dev
mailing list