restricted telnet access
01-23-2001 03:24 AM
Although I have been working with Unix for three years now (which is not very much), I am only now coming to the system administration of our HP9000, which is really new to me.
We have several applications running on our HP-UX 11.0 system which are used and accessed by several people via the LAN/WAN.
To have a better possibility of logging users and their activities I would like to disable the Unix user accounts where the apps are installed and have one account for each user who should do a "su -
Could you please help me set this up, as I cannot really find anything about this in the documentation?
Thanks in advance!
Regards,
Peter
01-23-2001 03:47 AM
Re: restricted telnet access
I suppose the easiest would be to install and use sudo: you will not have to fight with shell configs etc...
You will not have to give out the passwd of your application UID; you could configure sudo so that it su's them with the command without a passwd being asked...
Good luck
Victor
01-23-2001 04:22 AM
Re: restricted telnet access
Bill Hassell, sysadmin
01-23-2001 04:46 AM
Re: restricted telnet access
The users will need Shell access so logging them directly into the application will not work on our system.
I had a quick look at sudo and it looks really nice. What I still wonder is how I can use sudo to prevent specific users logging on via telnet. Will sudo deny the connection when configured properly? (If yes would it be possible to have an example configuration for this?)
Peter
01-23-2001 07:12 AM
Re: restricted telnet access
You can trace the sudo activity because it will be logged in /var/adm/syslog/syslog.log:
COMMAND=/usr/bin/su - dbatram -c save_export_dbid 2WEEKS 2001.01.12
Jan 12 23:38:57 caph syslog: su : + tty?? root-dbatram
Jan 12 23:50:01 caph sudo: opertopa : TTY=unknown ; PWD=/home/opertopa ; USER=root ;
COMMAND=/usr/bin/su - dbatopa -c save_config_dbid
Good luck
Victor
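An added example (not part of the post above, and not code from sudo): a shell function that reduces sudo records of the kind quoted there to "which real user became which application account", joining a wrapped COMMAND= line back onto its record. The peter, guest1 and appacct entries are constructed sample data, and the single-line and "command not allowed" record layouts are assumed to follow sudo's usual syslog format.

```shell
#!/bin/sh
# Constructed sample: the first three lines follow the excerpt in the post,
# the last two (peter, guest1, appacct) are invented for illustration.
sample_log() {
cat <<'EOF'
Jan 12 23:38:57 caph syslog: su : + tty?? root-dbatram
Jan 12 23:50:01 caph sudo: opertopa : TTY=unknown ; PWD=/home/opertopa ; USER=root ;
COMMAND=/usr/bin/su - dbatopa -c save_config_dbid
Jan 13 08:02:11 caph sudo: peter : TTY=pts/3 ; PWD=/home/peter ; USER=root ; COMMAND=/usr/bin/su - appacct
Jan 13 08:05:40 caph sudo: guest1 : command not allowed ; TTY=pts/4 ; PWD=/home/guest1 ; USER=root ; COMMAND=/usr/bin/su - appacct
EOF
}

# Print "<timestamp> <OK|DENIED> <real user>-><target account>" for every
# sudo record whose command is /usr/bin/su. Reads the files given as
# arguments, or standard input when there are none.
sudo_su_audit() {
    awk '
    function flush(   i, n, w, who, cmd, target, status) {
        if (rec ~ / sudo: / && (i = index(rec, "COMMAND=")) > 0) {
            cmd = substr(rec, i + 8)
            who = rec
            sub(/^.* sudo: */, "", who)     # drop timestamp, host and tag
            sub(/ .*$/, "", who)            # keep the invoking user only
            status = (rec ~ /command not allowed|NOT in sudoers/) ? "DENIED" : "OK"
            n = split(cmd, w, " ")
            if (w[1] == "/usr/bin/su") {
                target = (w[2] == "-") ? w[3] : w[2]
                if (target == "") target = "root"   # bare "su" means root
                print substr(rec, 1, 15), status, who "->" target
            }
        }
        rec = ""
    }
    /^COMMAND=/ { rec = rec " " $0; next }  # wrapped line: join to its record
    { flush(); rec = $0 }
    END { flush() }
    ' "$@"
}

sample_log | sudo_su_audit
```

On a live system the function would be pointed at the log file named in the post, for example `sudo_su_audit /var/adm/syslog/syslog.log`.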
01-23-2001 07:19 AM
Re: restricted telnet access
I remembered that I used the source and compiled sudo myself in order for it to do what I wanted. I can't remember what was wrong with the one from the porting center; it was maybe the timeout limit and the asking-for-passwd issue...
Best regards
Victor
01-24-2001 12:21 AM
Re: restricted telnet access
The easiest way to prevent a direct telnet or ftp session for a specific user is by changing the password field to '*'. On a normal system this can be done in /etc/passwd, on a trusted system you can find the file in /tcb/files/auth. Setting the password field (not the password, but the field) to '*' will still allow su, rcp, rlogin, cron scripts etc.
Good luck and regards,
Paul te Vaanholt
HP Consulting
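An added check for the approach described above (example code, not from the original post): it reads a passwd-format file and reports, for each named application account, whether field 2 is '*', empty, or still holds a password hash. It assumes a non-trusted system where that field lives in /etc/passwd; the sample entries, the placeholder hashes and the appacct and nosuch names are constructed.

```shell
#!/bin/sh
# Constructed passwd-format sample; the hash strings are placeholders.
sample_passwd() {
cat <<'EOF'
root:PlaceholderHash00:0:3::/:/sbin/sh
dbatopa:*:201:20:app owner:/home/dbatopa:/usr/bin/sh
dbatram:PlaceholderHash01:202:20:app owner:/home/dbatram:/usr/bin/sh
appacct::203:20:app owner:/home/appacct:/usr/bin/sh
peter:PlaceholderHash02:301:20:Peter:/home/peter:/usr/bin/sh
EOF
}

# usage: check_app_accounts "acct1 acct2 ..." < passwd-file
# Prints one line per requested account:
#   locked        password field is "*"  (no direct password login)
#   EMPTY         password field is empty (no password required at all)
#   password-set  a hash is present       (direct login still possible)
#   missing       account not present in the file
check_app_accounts() {
    awk -F: -v list="$1" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 == "*")      state = "locked"
            else if ($2 == "")  state = "EMPTY"
            else                state = "password-set"
            print $1, state
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(names[i] in seen)) print names[i], "missing"
        }
    '
}

sample_passwd | check_app_accounts "dbatopa dbatram appacct nosuch"
```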
01-24-2001 04:54 AM
Re: restricted telnet access
2. You can put all users who can access the application in a group (/etc/group). Then you can check in the login script (/etc/profile):
[ `id | grep -c "xxx(nnn)"` != 1 ] && exit
where xxx is the group ID and nnn is the group name
01-24-2001 07:23 AM
Re: restricted telnet access
01-24-2001 08:10 AM
Solution
1) How do I prevent certain users from logging in via telnet?
Add a few lines in the ~/.profile script belonging to the user you want to lock out. The following code snippet seems to work:
if ps -f | grep -q '[t]elnetd'; then
    echo "telnet access not allowed"
    exit 99
fi
This code immediately terminates telnet logins, but allows CDE and local logins to succeed.
2) How do I grant non-root users root access to execute selected commands?
I concur with the previous postings: sudo is the tool you need. I installed it from http://hpux.cs.utah.edu/ before with great success.
Hope that helps!