topic Re: Deny telnet for a user in Operating System - HP-UX

Deny telnet for a user

Sirius Black — Wed, 12 Nov 2003 06:21:13 GMT

Hi all,
I've a user on my machine, to whom I want to allow only ftp protocol not telnet, ssh, rlogin etc.. What I've to do ?
Thanks a lot

Re: Deny telnet for a user

Mark Grant — Wed, 12 Nov 2003 06:24:57 GMT

The simple thing to do is to either use /var/adm/inetd.sec or possibly give them a .profile that contains just one command "exit".

When they log in with ftp, the .profile is not run but all the other protocols you mention do.

Re: Deny telnet for a user

Graham Cameron_1 — Wed, 12 Nov 2003 06:27:20 GMT

Change inetd.sec as per Mark above, or set the shell to /usr/bin/false in /etc/passwd.
(Both on the target system).

-- Graham

Re: Deny telnet for a user

T G Manikandan — Wed, 12 Nov 2003 06:35:14 GMT

THis doc will help u

http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062906536

Re: Deny telnet for a user

Sirius Black — Wed, 12 Nov 2003 06:36:16 GMT

Graham with your solution the ftp does'nt pass instead with Mark's solution all things goes good..
Thanks a lot
Fabrizio

Re: Deny telnet for a user

Fabricio_2 — Wed, 12 Nov 2003 07:15:01 GMT

Put this is /etc/profile:

NAME=`logname`
if [ $NAME = user_to_deny ]
then
exit
fi

Fabricio.

Re: Deny telnet for a user

Elmar P. Kolkman — Wed, 12 Nov 2003 07:18:18 GMT

Mark's solution should work, but only if /bin/false is in /etc/shells

Re: Deny telnet for a user

Jeff Schussele — Wed, 12 Nov 2003 08:39:21 GMT

Hi Alleva,

Easiest way to do this is with tcp-wrappers available here:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

Using inetd.sec you can only go to the host or subnet level. TCP-wrappers allows you to extend the granularity to the user level.

HTH,
Jeff