Operating System - HP-UX

restrict a particular user from telnet

 
SOLVED
Sanjeev gupta_2
Frequent Advisor

restrict a particular user from telnet

How can we restrict a particular user from telnetting to a system?
Is there any way to do it?
Thx
Steve Steel
Honored Contributor

Re: restrict a particular user from telnet

Hi


If he comes from a certain system, then use inetd.sec; see man inetd.sec.

Otherwise, on his machine of origin, get rid of telnet for this user with an alias or some such thing.

What is the connection?

PC-UX or UX-UX?

Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Sanjay Kumar Suri
Honored Contributor

Re: restrict a particular user from telnet

If you know the IP number of the user's system, then the following entry in /var/adm/inetd.sec should work:

telnet deny xxx.xxx.xxx.xxx

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
Sanjeev gupta_2
Frequent Advisor

Re: restrict a particular user from telnet

Hi

But using inetd.sec I can restrict telnet from a particular system, but in my case this user may come from any system, and I do not want to restrict other users of that system from using telnet.
Sunil Sharma_1
Honored Contributor

Re: restrict a particular user from telnet

Hi,

It's not possible to restrict any particular user from telnetting to the system.

You can put a restriction on the basis of the client's IP address. It can be done using the inetd.sec file.

But if the user uses some other IP address, he will be allowed.

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
Sanjay Kumar Suri
Honored Contributor

Re: restrict a particular user from telnet

Remove the user from the /etc/passwd of target system.

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
RAC_1
Honored Contributor

Re: restrict a particular user from telnet

Put some code in /etc/profile. Something like the following.

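# Login name of the user whose shell is reading /etc/profile
user_id=${LOGNAME}

# Replace unix_user_id with the login name to refuse; the quotes keep the test valid if LOGNAME is empty
if [ "$user_id" = "unix_user_id" ]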
then
echo "Telnet not allowed for you"
exit 0
else
echo "Welcome to the system"
fi

You may also want to have a look at tcp wrappers. If you have the latest SSH installed (HP ssh), tcp wrappers is built in. You can put appropriate entries in /etc/hosts.allow and /etc/hosts.deny. tcp wrappers can go up to user level. For your case the entry will go in /etc/hosts.deny. You will have to check the exact syntax. It should be something like
telnetd:user_id

The code part is easy.

Anil
There is no substitute to HARDWORK

Re: restrict a particular user from telnet

You could check whether the parent process is telnetd in the user's login script (.profile). If so, then just exit from the .profile script.

MYPPID=$( ps -fp $$ | tail -1 | awk '{print $3}' )
MYPPROCESS=$( ps -fp $MYPPID | tail -1 | awk '{print $NF}' )

[ "$MYPPROCESS" = "telnetd" ] && echo "Telnet not allowed" && exit
Slawomir Gora
Honored Contributor

Re: restrict a particular user from telnet

Hi,

It is not possible to restrict any particular user from telnetting to the system - maybe ssh will solve your problem.
Jose Mosquera
Honored Contributor

Re: restrict a particular user from telnet

Hi,

Configuring the /var/adm/inetd.sec file is a good way to control a specific node in a LAN environment. The trouble is that the user could connect to another LAN node. In my opinion the best way is /etc/profile control. This way it doesn't matter where the user is connected from or whether the environment is a LAN or not.

Rgds.

Sunil Sharma_1
Honored Contributor
Solution

Re: restrict a particular user from telnet

Hi,

Another workaround.

Add an exit as the first line of the user's .profile.


So when the user logs in, he will get logged out immediately.

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
Thayanidhi
Honored Contributor

Re: restrict a particular user from telnet

If you cannot delete the user, and the user is needed for some other purpose (e.g. ftp), then change the shell to something else.
(/usr/bin/false) - Not sure about the path

TT
Attitude (not aptitude) determines altitude.
Ravi_8
Honored Contributor

Re: restrict a particular user from telnet

Hi,

On a uid basis you can't disable telnet, whereas on an IP basis you can.
never give up
Muthukumar_5
Honored Contributor

Re: restrict a particular user from telnet

We can restrict a particular user from telnet/ssh or any other login services as follows:

1. Lock the user account with
passwd -l

It can be done only by the superuser


2. Add an entry in /etc/profile as,

if [[ $LOGNAME = "username" ]]
then
echo "You are blocked to login. contact @"
# Sleep time to show to user
sleep 5
exit 0
fi

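To block only the telnet service:

if [[ $LOGNAME = "testusr" ]]
then
# Test grep's exit status directly: with -q nothing is printed, so the
# backtick form compared an empty string with 0 and matched every time
if ps | grep -q telnet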
then
echo "Your account login using telnet is blocked"
sleep 5
exit 0
fi
fi

So you can block using user accounts too.

Regards
Muthu
Easy to suggest when don't know about the problem!
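
The two ideas from the replies above (the parent-process check and the per-user block in /etc/profile) combined into one sketch. This is an added example, not code from any poster in this thread; DENY_TELNET_USERS, the function names and the sample account are hypothetical.

```shell
# Hypothetical, site-chosen list of accounts refused over telnet (space separated).
DENY_TELNET_USERS="testusr"

# Return 0 (deny) only when the login name is on the list AND the login
# shell's parent is telnetd.
# $1 = login name, $2 = parent command as reported by ps (path and args allowed).
telnet_login_denied() {
    user=$1
    parent=${2%% *}        # drop arguments: "telnetd -b /etc/issue" -> "telnetd"
    parent=${parent##*/}   # drop directory: "/path/to/telnetd" -> "telnetd"
    [ "$parent" = "telnetd" ] || return 1
    for denied in $DENY_TELNET_USERS; do
        [ "$user" = "$denied" ] && return 0
    done
    return 1
}

# Command name of this shell's parent process. On HP-UX the -o option of ps
# needs UNIX95 set in its environment; setting it is harmless elsewhere.
parent_command() {
    UNIX95=1 ps -p "$PPID" -o comm= 2>/dev/null
}

# What /etc/profile would call. Kept in a function so that sourcing this
# file only defines things and never ends the session by itself.
enforce_telnet_policy() {
    trap '' 1 2 3          # ignore HUP/INT/QUIT while the check runs
    if telnet_login_denied "${LOGNAME:-}" "$(parent_command)"; then
        echo "Telnet login is not allowed for this account"
        sleep 5
        exit 1
    fi
    trap - 1 2 3           # restore default signal handling
}
```

Because the decision is based on the parent process and not on the source address, the same account can still log in through other services. The check only runs for sessions that start a shell that reads /etc/profile.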