HPE Community
Operating System - HP-UX
1831995 Members
3067 Online
110034 Solutions
New Discussion

Telnet access restrict

 
Massimo_20
Frequent Advisor

‎07-15-2003 02:19 AM

‎07-15-2003 02:19 AM

Telnet access restrict

how to restrict users to navigate when connected with telnet?????
0 Kudos
Reply
9 REPLIES 9
Ollie R
Respected Contributor

‎07-15-2003 02:26 AM

‎07-15-2003 02:26 AM

Re: Telnet access restrict

Hi,

You mean like with a restricted shell?

Change the user's login shell to "/bin/rsh".

Ollie.
To err is human but to not award points is unforgivable
0 Kudos
Reply
Massimo_20
Frequent Advisor

‎07-15-2003 02:35 AM

‎07-15-2003 02:35 AM

Re: Telnet access restrict

sorry but the question is another: the user can not navigate with cd command but also can not list or rename or copy or ... any file in another directory different from his home directory. I want that the home directory for the user will become his root directory.
Thank in advance!
0 Kudos
Reply
Ollie R
Respected Contributor

‎07-15-2003 02:38 AM

‎07-15-2003 02:38 AM

Re: Telnet access restrict

Hi,

Well, you can use the "chroot" command, but take note that all executables must be available using the new directory as root.

For example, if you want the user to be able to run "ls", you will have to copy the file "/sbin/ls" to "~/sbin/ls"

Other than that, you'll have to rely on standard Unix security.

Ollie.
To err is human but to not award points is unforgivable
0 Kudos
Reply
Massimo_20
Frequent Advisor

‎07-15-2003 02:45 AM

‎07-15-2003 02:45 AM

Re: Telnet access restrict

ok,
but where i must set the chroot from this user??? I tried to use the chroot command, but i don't know how to use chroot command.
The standard chroot man command use:
chroot directory command
Have you some information about chroot???
Thanks a lot!!!


0 Kudos
Reply
Ollie R
Respected Contributor

‎07-15-2003 02:56 AM

‎07-15-2003 02:56 AM

Re: Telnet access restrict

Hi,

According to the chroot(1m) manpage, "This command is restricted to users with appropriate privileges." Looks like you can't use this option just like that.

However, if you check the manpage for "login(1)", you'll find this reference about the "/etc/passwd" file: "If the command name field is *, a chroot() to the directory named in the directory field of the entry is performed. At that point, login is re-executed at the new level, which must have its own root structure, including a /usr/bin/login command and an /etc/passwd file."

Hope this helps,

Ollie.
To err is human but to not award points is unforgivable
0 Kudos
Reply
Massimo_20
Frequent Advisor

‎07-15-2003 04:30 AM

‎07-15-2003 04:30 AM

Re: Telnet access restrict

The solution is near!!!!!!!
I copied the /etc/passwd file, the /usr/bin/login and some library in the user roort dir, in the right paths!
Now there is a problem: when the user logged in the subsystem, it ask me a new login....
..
What's the meaning???

Thanks!
0 Kudos
Reply
Ollie R
Respected Contributor

‎07-15-2003 04:44 AM

‎07-15-2003 04:44 AM

Re: Telnet access restrict

Hi Massimo,

I think this is correct. If you read the "login" man page it says it gets a login again. I presume it looks for passwords in the new chroot-ed /etc/passwd file.

Ollie.
To err is human but to not award points is unforgivable
0 Kudos
Reply
Massimo_20
Frequent Advisor

‎07-15-2003 04:50 AM

‎07-15-2003 04:50 AM

Re: Telnet access restrict

Hi Ollie,

also I think this is correct. I create the /etc/passwd file, but the system not find the user login. The login man page is poor of information about this.

Now i try another!!!

Thank you very much.

Ciao
0 Kudos
Reply
Enrico P.
Honored Contributor

‎07-15-2003 05:37 AM

‎07-15-2003 05:37 AM

Re: Telnet access restrict

Hi Massimo,
don' t forget to assign point who helped you!!! :)


Enrico
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.