HPE Community
Operating System - HP-UX
1752437 Members
5494 Online
108788 Solutions
New Discussion юеВ

Re: Deny telnet for a user

 
Sirius Black
Regular Advisor

тАО11-11-2003 10:21 PM

тАО11-11-2003 10:21 PM

Deny telnet for a user

Hi all,
I've a user on my machine, to whom I want to allow only ftp protocol not telnet, ssh, rlogin etc.. What I've to do ?
Thanks a lot
0 Kudos
Reply
7 REPLIES 7
Mark Grant
Honored Contributor

тАО11-11-2003 10:24 PM

тАО11-11-2003 10:24 PM

Re: Deny telnet for a user

The simple thing to do is to either use /var/adm/inetd.sec or possibly give them a .profile that contains just one command "exit".

When they log in with ftp, the .profile is not run but all the other protocols you mention do.
Never preceed any demonstration with anything more predictive than "watch this"
0 Kudos
Reply
Graham Cameron_1
Honored Contributor

тАО11-11-2003 10:27 PM

тАО11-11-2003 10:27 PM

Re: Deny telnet for a user

Change inetd.sec as per Mark above, or set the shell to /usr/bin/false in /etc/passwd.
(Both on the target system).

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
0 Kudos
Reply
T G Manikandan
Honored Contributor

тАО11-11-2003 10:35 PM

тАО11-11-2003 10:35 PM

Re: Deny telnet for a user

THis doc will help u

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062906536
0 Kudos
Reply
Sirius Black
Regular Advisor

тАО11-11-2003 10:36 PM

тАО11-11-2003 10:36 PM

Re: Deny telnet for a user

Graham with your solution the ftp does'nt pass instead with Mark's solution all things goes good..
Thanks a lot
Fabrizio
0 Kudos
Reply
Fabricio_2
Occasional Advisor

тАО11-11-2003 11:15 PM

тАО11-11-2003 11:15 PM

Re: Deny telnet for a user



Put this is /etc/profile:

NAME=`logname`
if [ $NAME = user_to_deny ]
then
exit
fi

Fabricio.
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

тАО11-11-2003 11:18 PM

тАО11-11-2003 11:18 PM

Re: Deny telnet for a user

Mark's solution should work, but only if /bin/false is in /etc/shells
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО11-12-2003 12:39 AM

тАО11-12-2003 12:39 AM

Re: Deny telnet for a user

Hi Alleva,

Easiest way to do this is with tcp-wrappers available here:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

Using inetd.sec you can only go to the host or subnet level. TCP-wrappers allows you to extend the granularity to the user level.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.