topic Re: rlogin help in Operating System - HP-UX

rlogin help

Abhilash Krishnan — Tue, 07 Apr 2009 10:56:06 GMT

Hi all
I want only selected users to do rlogin.I don't want all users can do rlogin for my servers.Is their any way to do it.

Re: rlogin help

Pete Randall — Tue, 07 Apr 2009 11:05:45 GMT

Use the ~/.rhosts file to enable individual users. See "man .rhosts".

Pete

Re: rlogin help

Rita C Workman — Tue, 07 Apr 2009 11:06:34 GMT

Remote login (rlogin) requires the existence of either the .rhost or hosts.equiv file.

So if you don't want certain people to have that access you need to ensure that these files for those accounts don't have their information allowing to enter via the file permissions. A cron'd script that goes out and searches for these files and checks to ensure certain things aren't there might do.

Or if you are trying to block them from any contact (rlogin or telnet or anything) you could edit your /var/adm/inetd.sec file and put their info in that file like this example:

telnet deny x.x.x.x
login deny 1.2.3.4 2.3.4.5

Rgrds,
Rita

Re: rlogin help

Abhilash Krishnan — Tue, 07 Apr 2009 11:48:35 GMT

Hi rita
I am doing changes in /var/adm/inetd.sec file

login deny srikanth

where srikanth is the user but still he can do rlogin to server I also rstart the initd services

Re: rlogin help

Patrick Wallek — Tue, 07 Apr 2009 12:17:57 GMT

>>I am doing changes in /var/adm/inetd.sec file
>>login deny srikanth

The inetd.sec file only uses HOST NAMES or IP ADDRESSES. You can NOT put a user name in that file. It will NOT work.

Re: rlogin help

Johnson Punniyalingam — Tue, 07 Apr 2009 12:18:06 GMT

Hi Biju,

>>changes in /var/adm/inetd.sec file <<

>>login deny srikanth<< You can only point ipaddress. only

Example:-

login deny 192.168.*.*

Thanks,
Johnson

Re: rlogin help

Johnson Punniyalingam — Tue, 07 Apr 2009 12:28:44 GMT

Hi Biju,

You try some "work around" methods

Example 1:-

Create two groups. To this groups add the users to which you want to give rlogin & telnet access. Say for example.

vi /etc/group

...
...
...
telgrp::600:root,debbie,joseph,deepak,muthu
rloggrp::601:root,debbie,joseph,deepak,muthu
-r-sr-xr-- 1 rloggrp bin 36864 Nov 14 2000 /usr/bin/rlogin
-r-xr-xr-- 1 telgrp bin 106496 Nov 14 2000 /usr/bin/telnet

Give execute permission for this group only.

Re: rlogin help

Abhilash Krishnan — Tue, 07 Apr 2009 14:02:35 GMT

Hi johnson

How i can give execute permission to that group only .Is this ok to change permission of /usr/bin/rlogin.Its Ok then give me step by step procedure to do it.I want only srikanth can rlogin to my server except srikanth noone can rlogin.

Re: rlogin help

Abhilash Krishnan — Thu, 09 Apr 2009 04:36:36 GMT