- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Preventing telnet for non-root users
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 07:06 AM
04-07-2004 07:06 AM
I want to prevent users such as oracle from telnetting to the machine directly. I want to force them to su from their own userid. Does anyone know how to do this?
Thanks
Jeff
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 08:01 AM
04-07-2004 08:01 AM
Re: Preventing telnet for non-root users
One of two things:
for telnet / ssh, you only need to put a valid shell in /etc/passwd to
enable telnet. if you want to disable it, put /bin/false or an invalid shell
(the first it's my regular choice. do not forget to add /bin/false to
/etc/shells if you do not have it already there)
or you can restrict through /etc/xinetd.d/telent
You really should be using SSH services and not Telnet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 08:10 AM
04-07-2004 08:10 AM
Re: Preventing telnet for non-root users
Do you or anyone have additional suggestions?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 08:28 AM
04-07-2004 08:28 AM
Re: Preventing telnet for non-root users
ds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 08:33 AM
04-07-2004 08:33 AM
Re: Preventing telnet for non-root users
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 08:34 AM
04-07-2004 08:34 AM
Re: Preventing telnet for non-root users
just to clarify, what you want them to do
telnet host
user:
...
su
vs
telnet host
user: root
...
is this true?
You are aware that in most cases they will be able to defeat easily whatever you setup to force them to do things your way if they have root access, aren't you?
Greetings, Martin
P.S. To disable root access, check if you have /etc/securettys. If yes, replace it with an empty file
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 11:13 AM
04-07-2004 11:13 AM
SolutionSo basically you want the 'oracle' user to be a root-like account without direct logins, only accessable from secure TTY's, or from 'su'.
Sounds like a job for Super 'PAM'! ..
I'd really like to say 'pam is your friend', but it is really a pain in the ass ;)
Try adding an entry to your '/etc/security/access.conf' similar to:
-:oracle:ALL
And modifying '/etc/pam.d/login' to have a line similar to:
account required /lib/security/pam_access.so
This should say that the 'oracle' account can't login, but will still be able to su'd too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 05:27 PM
04-07-2004 05:27 PM
Re: Preventing telnet for non-root users
Jeff,
I think this is one of the most common question i am seeing on these forums. I would suggest that you review the link below and let us know if you have any specific questions
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=469590
rgds
Mobeen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-07-2004 05:42 PM
04-07-2004 05:42 PM
Re: Preventing telnet for non-root users
check file
*) /etc/securetty
*) /etc/security/access.conf
Hope this url will help u further, related to suse.
http://www.linuxquestions.org/questions/history/166670
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2004 02:34 AM
04-08-2004 02:34 AM
Re: Preventing telnet for non-root users
First of all thanks for all your help. To clarify I wanted to prevent remote logins to users such as oracle but I still wanted to be able to su to the same user. The oracle user is still required to perform tasks but I wanted to track who was using the user.
The answer that solved my problem was from Stuart! Thanks
Jeff