https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108270#M631633 Hi Ihab,<BR /> <BR />Another option would be to obtain &amp; install Tcp_wrappers software. Using it's /etc/hosts.allow &amp; /etc/hosts.deny files granularity can be taken down to the user level as well as host &amp; subnet levels.<BR /><BR />Tcp_wrappers can be obtained here:<BR /> <BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/</A><BR /> <BR />Rgds,<BR />Jeff Mon, 03 Nov 2003 08:57:23 GMT Jeff Schussele 2003-11-03T08:57:23Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108263#M631626 Hello,<BR /><BR />Is there a way to ban only one user from using rexec.<BR /><BR />I know that I can comment the 'exec' line in /etc/inetd.conf but this will ban all users.<BR /><BR />Thanks,<BR />Ihab Mon, 03 Nov 2003 01:53:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108263#M631626 Ihab Zaki 2003-11-03T01:53:47Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108264#M631627 You can use /var/adm/inetd.sec to limit individual IP's and hosts from running services.<BR /> <BR />It will look something like the following but check out "man inetd.sec"<BR /> <BR />exec deny 10.0.8.231 Mon, 03 Nov 2003 01:58:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108264#M631627 Mark Grant 2003-11-03T01:58:09Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108265#M631628 Further to Mark's suggestion, note that you will have to modify the inetd.sec file on each remote system you want to stop the user getting out to.<BR /><BR />You could consider writing a wrapper for rexec on the local system, but it's not so clean a solution.<BR /><BR />-- Graham Mon, 03 Nov 2003 03:16:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108265#M631628 Graham Cameron_1 2003-11-03T03:16:50Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108266#M631629 This applies to host / IP but not to user level, in my case I want to ban a user not a machine Mon, 03 Nov 2003 06:46:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108266#M631629 Ihab Zaki 2003-11-03T06:46:18Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108267#M631630 You can do this but it's going to be really annoying. You can make sure that each user that uses rexec has a .rhosts file except the one you want to stop and that /etc/hosts.equiv does not contain a reference to the originating host.<BR /> <BR />This is going to be a pain to manage if you have a lot of users using rexec. Mon, 03 Nov 2003 08:39:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108267#M631630 Mark Grant 2003-11-03T08:39:48Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108268#M631631 I don't think the suggestion re .rhosts will help.<BR />Unlike remsh, rexec dies not use .rhosts (or hosts.equiv). It prompts for a password and uses login authentication.<BR /><BR />-- Graham Mon, 03 Nov 2003 08:53:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108268#M631631 Graham Cameron_1 2003-11-03T08:53:40Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108269#M631632 Graham,<BR /> <BR />"man rexec" Mon, 03 Nov 2003 08:56:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108269#M631632 Mark Grant 2003-11-03T08:56:35Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108270#M631633 Hi Ihab,<BR /> <BR />Another option would be to obtain &amp; install Tcp_wrappers software. Using it's /etc/hosts.allow &amp; /etc/hosts.deny files granularity can be taken down to the user level as well as host &amp; subnet levels.<BR /><BR />Tcp_wrappers can be obtained here:<BR /> <BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/</A><BR /> <BR />Rgds,<BR />Jeff Mon, 03 Nov 2003 08:57:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108270#M631633 Jeff Schussele 2003-11-03T08:57:23Z https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108271#M631634 Graham,<BR /> <BR />Apologies!! You are right, it's a long time since I read the man page for "rexec".<BR /> <BR />rexec authenticates the same as login! Mon, 03 Nov 2003 08:59:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/rexec/m-p/3108271#M631634 Mark Grant 2003-11-03T08:59:33Z