System Administration
Showing results for 
Search instead for 
Do you mean 

Deny telnet for a user

Regular Advisor

Deny telnet for a user

Hi all,
I've a user on my machine, to whom I want to allow only ftp protocol not telnet, ssh, rlogin etc.. What I've to do ?
Thanks a lot
7 REPLIES
Honored Contributor Honored Contributor

Re: Deny telnet for a user

The simple thing to do is to either use /var/adm/inetd.sec or possibly give them a .profile that contains just one command "exit".

When they log in with ftp, the .profile is not run but all the other protocols you mention do.
Never preceed any demonstration with anything more predictive than "watch this"
Honored Contributor Honored Contributor

Re: Deny telnet for a user

Change inetd.sec as per Mark above, or set the shell to /usr/bin/false in /etc/passwd.
(Both on the target system).

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
Honored Contributor Honored Contributor

Re: Deny telnet for a user

Regular Advisor

Re: Deny telnet for a user

Graham with your solution the ftp does'nt pass instead with Mark's solution all things goes good..
Thanks a lot
Fabrizio
Highlighted
Occasional Advisor

Re: Deny telnet for a user



Put this is /etc/profile:

NAME=`logname`
if [ $NAME = user_to_deny ]
then
exit
fi

Fabricio.
Honored Contributor Honored Contributor

Re: Deny telnet for a user

Mark's solution should work, but only if /bin/false is in /etc/shells
Every problem has at least one solution. Only some solutions are harder to find.
Honored Contributor Honored Contributor

Re: Deny telnet for a user

Hi Alleva,

Easiest way to do this is with tcp-wrappers available here:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

Using inetd.sec you can only go to the host or subnet level. TCP-wrappers allows you to extend the granularity to the user level.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!