I need to restrict a user from telneting to other servers (this user dials into the server). He needs to retain access to ftp and will be allowed to transfer files from his PC. The server he dials into sits on a network with over 200 Nt and Unix servers so I need a solution that I can apply on the server he dials into, one solution would be to alias telnet etc in his profile, but as he is allowed to ftp files to the server this cannot guarantee he will not ftp a version of telnet from his own PC, name it fred and use this to telnet out of the server. Has anyone any other solutions?
You can provide the user with a change root env. and only link the commands he is allowed to use ore create a menu that provide the user with the commands he needs to use.
Although linking would work! the only restriction for the user would be telnet, rlogin etc, so linking all the other commands would be impractical. Thanks anyway
If you change the default ftpd mask from 027 with the ftpd -u option and alias away both chmod and telnet then he could upload fred but couldn't run it. Except that I see that HP has a non-standard SITE option on ftp which allows him to chmod and mask. Anyway to disable that?
I am skeptical about the idea of aliasing away the telnet command. For this to work, you would also have to alias /usr/bin/telnet, /usr/bin/./telnet, etc.
