HPE Community
Operating System - HP-UX
1752576 Members
4206 Online
108788 Solutions
New Discussion юеВ

rlogin help

 
Abhilash Krishnan
Frequent Advisor

тАО04-07-2009 03:56 AM

тАО04-07-2009 03:56 AM

rlogin help

Hi all
I want only selected users to do rlogin.I don't want all users can do rlogin for my servers.Is their any way to do it.
0 Kudos
8 REPLIES 8
Pete Randall
Outstanding Contributor

тАО04-07-2009 04:05 AM

тАО04-07-2009 04:05 AM

Re: rlogin help

Use the ~/.rhosts file to enable individual users. See "man .rhosts".


Pete

Pete
0 Kudos
Rita C Workman
Honored Contributor

тАО04-07-2009 04:06 AM

тАО04-07-2009 04:06 AM

Re: rlogin help

Remote login (rlogin) requires the existence of either the .rhost or hosts.equiv file.

So if you don't want certain people to have that access you need to ensure that these files for those accounts don't have their information allowing to enter via the file permissions. A cron'd script that goes out and searches for these files and checks to ensure certain things aren't there might do.

Or if you are trying to block them from any contact (rlogin or telnet or anything) you could edit your /var/adm/inetd.sec file and put their info in that file like this example:

telnet deny x.x.x.x
login deny 1.2.3.4 2.3.4.5

Rgrds,
Rita

0 Kudos
Abhilash Krishnan
Frequent Advisor

тАО04-07-2009 04:48 AM

тАО04-07-2009 04:48 AM

Re: rlogin help

Hi rita
I am doing changes in /var/adm/inetd.sec file


login deny srikanth

where srikanth is the user but still he can do rlogin to server I also rstart the initd services

0 Kudos
Patrick Wallek
Honored Contributor

тАО04-07-2009 05:17 AM

тАО04-07-2009 05:17 AM

Re: rlogin help

>>I am doing changes in /var/adm/inetd.sec file
>>login deny srikanth

The inetd.sec file only uses HOST NAMES or IP ADDRESSES. You can NOT put a user name in that file. It will NOT work.
0 Kudos
Johnson Punniyalingam
Honored Contributor

тАО04-07-2009 05:18 AM

тАО04-07-2009 05:18 AM

Re: rlogin help

Hi Biju,

>>changes in /var/adm/inetd.sec file <<

>>login deny srikanth<< You can only point ipaddress. only

Example:-

login deny 192.168.*.*

Thanks,
Johnson
Problems are common to all, but attitude makes the difference
0 Kudos
Johnson Punniyalingam
Honored Contributor

тАО04-07-2009 05:28 AM

тАО04-07-2009 05:28 AM

Re: rlogin help

Hi Biju,

You try some "work around" methods

Example 1:-

Create two groups. To this groups add the users to which you want to give rlogin & telnet access. Say for example.

vi /etc/group

...
...
...
telgrp::600:root,debbie,joseph,deepak,muthu
rloggrp::601:root,debbie,joseph,deepak,muthu
-r-sr-xr-- 1 rloggrp bin 36864 Nov 14 2000 /usr/bin/rlogin
-r-xr-xr-- 1 telgrp bin 106496 Nov 14 2000 /usr/bin/telnet


Give execute permission for this group only.
Problems are common to all, but attitude makes the difference
0 Kudos
Abhilash Krishnan
Frequent Advisor

тАО04-07-2009 07:02 AM

тАО04-07-2009 07:02 AM

Re: rlogin help

Hi johnson

How i can give execute permission to that group only .Is this ok to change permission of /usr/bin/rlogin.Its Ok then give me step by step procedure to do it.I want only srikanth can rlogin to my server except srikanth noone can rlogin.
0 Kudos
Abhilash Krishnan
Frequent Advisor

тАО04-08-2009 09:36 PM

тАО04-08-2009 09:36 PM

Re: rlogin help

hi
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.