
Re: restricted telnet access

Peggy Fong
Respected Contributor

Re: restricted telnet access

I know this is a late answer, but I just came across your question. It sounds like you want to deny direct login access to an application-id and force users to log in with their real user-id and then su to the application-id. If this is true, I've implemented it by creating a file called /etc/not_loginable. In this file you list each id you do not want to have direct login access (e.g. oracle, apdms, ...). Do NOT include root in this list. Then add a script to /etc/profile to read this list and exit if the login matches. Here are examples of the input file and script:

# cat /etc/not_loginable
oracle
opc_op
applmgr
oradev

First part of /etc/profile - add custom code right after the "trap" command:

# @(#) $Revision: 74.2 $

# Default (example of) system-wide profile file (/usr/bin/sh initialization).
# This should be kept to the bare minimum every user needs.

# Ignore HUP, INT, QUIT now.

trap "" 1 2 3
#
# custom code for denying generic account login
if logname > /dev/null 2>&1
then
    LGNM=`logname`
    if egrep "^${LGNM}$" /etc/not_loginable > /dev/null 2>&1
    then
        echo "\nDirect login not allowed for $LGNM\n"
        echo "\nNO remote login allowed for $LGNM (`date '+%D %T'`)\n" |
            mailx -s "`hostname` login attempt for $LGNM" root
        echo "\nNO remote login allowed for $LGNM (`date '+%D %T'`)\n" |
            logger -p user.err -t NOT_LOGINABLE
        exit 1
    fi
fi

# end custom code

My apologies if the spacing did not come out right. I've added an attachment that should look cleaner. I never added an attachment. If this one doesn't work - I'll try again on the next post.
Hope this is what you were looking for.
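The same check as a reusable sh function, added here as an example and not part of Peggy's post. It assumes a POSIX sh with a grep that supports -x and -F, keeps the original's behaviour of denying nobody when the list file is missing, and turns two points the post makes in prose into code: root is never denied, and an id matches only as a whole, literal line.

```shell
#!/bin/sh
# Added example: reusable "not loginable" check for /etc/profile.
# Assumptions: POSIX sh; grep supports -x (whole line) and -F (literal);
# the list file holds one login id per line, like /etc/not_loginable above.

# is_login_denied NAME LISTFILE -> exit 0 if NAME is listed (deny login),
# exit 1 otherwise.
is_login_denied() {
    name=$1
    listfile=$2
    # Empty name: nothing to match, so never deny (avoids matching blank lines).
    if [ -z "$name" ]; then
        return 1
    fi
    # Never deny root, even if someone adds it to the list by mistake,
    # so a bad edit cannot lock administrators out of the box.
    if [ "$name" = root ]; then
        return 1
    fi
    # Missing or unreadable list denies nobody, like the original egrep test.
    if [ ! -r "$listfile" ]; then
        return 1
    fi
    # -x matches whole lines, -F treats the name literally, so an id such as
    # "a.b" cannot match "axb" the way an unescaped regex would.
    grep -x -F -- "$name" "$listfile" > /dev/null 2>&1
}

# Constructed sample list, equivalent to the /etc/not_loginable shown above.
SAMPLE_LIST=$(mktemp)
trap 'rm -f "$SAMPLE_LIST"' EXIT
printf '%s\n' oracle opc_op applmgr oradev > "$SAMPLE_LIST"

# Walk a few names through the check; prints one verdict per name.
for who in oracle root ora peggy applmgr; do
    if is_login_denied "$who" "$SAMPLE_LIST"; then
        echo "deny  $who"
    else
        echo "allow $who"
    fi
done

# In /etc/profile the call would sit right after the trap line, e.g.:
#   if logname > /dev/null 2>&1 && is_login_denied "`logname`" /etc/not_loginable
#   then echo "Direct login not allowed"; exit 1; fi
```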
Carsten Drzensky
Occasional Contributor

Re: restricted telnet access

Hi,

Thanks to all for your help and replies, and apologies for the late points assignment.

I ended up with the solution of editing the /etc/profile file. After adding the appropriate lines users listed in a specific file are not able to log on via telnet anymore.


Regards,

Peter