Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

Deny telnet for a user

Sirius Black
Regular Advisor

Deny telnet for a user

Hi all,
I've a user on my machine, to whom I want to allow only ftp protocol not telnet, ssh, rlogin etc.. What I've to do ?
Thanks a lot
7 REPLIES
Mark Grant
Honored Contributor

Re: Deny telnet for a user

The simple thing to do is to either use /var/adm/inetd.sec or possibly give them a .profile that contains just one command "exit".

When they log in with ftp, the .profile is not run but all the other protocols you mention do.
Never preceed any demonstration with anything more predictive than "watch this"
Graham Cameron_1
Honored Contributor

Re: Deny telnet for a user

Change inetd.sec as per Mark above, or set the shell to /usr/bin/false in /etc/passwd.
(Both on the target system).

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
T G Manikandan
Honored Contributor

Re: Deny telnet for a user

Sirius Black
Regular Advisor

Re: Deny telnet for a user

Graham with your solution the ftp does'nt pass instead with Mark's solution all things goes good..
Thanks a lot
Fabrizio
Highlighted
Fabricio_2
Occasional Advisor

Re: Deny telnet for a user



Put this is /etc/profile:

NAME=`logname`
if [ $NAME = user_to_deny ]
then
exit
fi

Fabricio.
Elmar P. Kolkman
Honored Contributor

Re: Deny telnet for a user

Mark's solution should work, but only if /bin/false is in /etc/shells
Every problem has at least one solution. Only some solutions are harder to find.
Jeff Schussele
Honored Contributor

Re: Deny telnet for a user

Hi Alleva,

Easiest way to do this is with tcp-wrappers available here:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

Using inetd.sec you can only go to the host or subnet level. TCP-wrappers allows you to extend the granularity to the user level.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!