
Re: Telnet restriction

 
CHRIS QUINN
Occasional Contributor

Telnet restriction

I need to restrict a user from telnetting to other servers (this user dials into the server).
He needs to retain access to ftp and will be allowed to transfer files from his PC.
The server he dials into sits on a network with over 200 NT and Unix servers, so I need a solution that I can apply on the server he dials into. One solution would be to alias telnet etc. in his profile, but as he is allowed to ftp files to the server, this cannot guarantee he will not ftp a version of telnet from his own PC, name it fred and use this to telnet out of the server.
Has anyone any other solutions?
G. Vrijhoeven
Honored Contributor

Re: Telnet restriction

Hi,

You can provide the user with a change root env. and only link the commands he is allowed to use, or create a menu that provides the user with the commands he needs to use.

Hope this will help,

Gideon

CHRIS QUINN
Occasional Contributor

Re: Telnet restriction

Although linking would work, the only restriction for the user would be telnet, rlogin etc., so linking all the other commands would be impractical.
Thanks anyway
Clemens van Everdingen
Honored Contributor

Re: Telnet restriction

Hi,

It might be a solution to create a hosts.allow file and put his ip address in there with ftp.

C.
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
K.Vijayaragavan.
Respected Contributor

Re: Telnet restriction

Hi,

As he may telnet from his PC, and if his PC has got a fixed IP, then you can edit the "/var/adm/inetd.sec" file and add an entry,

"telnet deny

-Vijay
"Let us fine tune our knowledge together"
Ron Kinner
Honored Contributor

Re: Telnet restriction

If you change the default ftpd mask from 027 with the ftpd -u option and alias away both chmod and telnet then he could upload fred but couldn't run it. Except that I see that HP has a non-standard SITE option on ftp which allows him to chmod and mask. Any way to disable that?

Ron
Steve Darnell
Occasional Advisor

Re: Telnet restriction

I am skeptical about the idea of aliasing away the telnet command.
For this to work, you would also have to alias /usr/bin/telnet, /usr/bin/./telnet, etc.
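
The point made in the post above, and in the original question about the renamed copy "fred", as an added example that is not part of the thread: a profile alias only matches the bare word `telnet`, so a control based on the command name does not restrict what the account can run. The stand-in program, the scratch directory and the function names are constructed for the demonstration; nothing here touches the network or the real telnet binary.

```shell
#!/bin/sh
# bash ignores aliases in scripts unless asked; plain sh expands them already.
[ -n "${BASH_VERSION:-}" ] && shopt -s expand_aliases

# Constructed stand-in for the telnet binary, placed in a scratch directory.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
printf '#!/bin/sh\necho RAN\n' > "$DEMO_DIR/telnet"
chmod +x "$DEMO_DIR/telnet"
cp "$DEMO_DIR/telnet" "$DEMO_DIR/fred"   # the renamed copy from the question
PATH="$DEMO_DIR:$PATH"

# The profile-level restriction under discussion.
deny_telnet() { echo BLOCKED; }
alias telnet=deny_telnet

# try CMDLINE: parse and run a command line the way the login shell would.
try() {
    eval "$1" 2>/dev/null
}

# alias_blocks CMDLINE: succeeds only if the alias intercepted the command.
alias_blocks() {
    [ "$(try "$1")" = "BLOCKED" ]
}

# Report which invocations the alias actually catches.
report() {
    for c in "telnet host" "$DEMO_DIR/telnet host" \
             "$DEMO_DIR/./telnet host" "fred host"; do
        if alias_blocks "$c"; then r="blocked"; else r="NOT blocked"; fi
        printf '%-45s %s\n' "$c" "$r"
    done
}
report
```

Only the first invocation is caught, which is why the replies that restrict the account itself (a change root environment, a menu, or `/usr/bin/ftp` as the login shell) hold up where the alias does not.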
Ron Kinner
Honored Contributor

Re: Telnet restriction

How about replacing the telnet command for this guy with:

echo "You're Fired!" ;-)

Ron
Scott Van Kalken
Esteemed Contributor

Re: Telnet restriction

If all he needs is ftp then set his shell to be /usr/bin/ftp.