Re: Deny telnet for a user (68 Views)
Reply
Regular Advisor
Sirius Black
Posts: 122
Registered: ‎10-30-2002
Message 1 of 8 (68 Views)

Deny telnet for a user

Hi all,
I've a user on my machine, to whom I want to allow only ftp protocol not telnet, ssh, rlogin etc.. What I've to do ?
Thanks a lot
Honored Contributor
Mark Grant
Posts: 2,712
Registered: ‎04-01-2003
Message 2 of 8 (68 Views)

Re: Deny telnet for a user

The simple thing to do is to either use /var/adm/inetd.sec or possibly give them a .profile that contains just one command "exit".

When they log in with ftp, the .profile is not run but all the other protocols you mention do.
Never preceed any demonstration with anything more predictive than "watch this"
Honored Contributor
Graham Cameron_1
Posts: 542
Registered: ‎04-16-2001
Message 3 of 8 (68 Views)

Re: Deny telnet for a user

Change inetd.sec as per Mark above, or set the shell to /usr/bin/false in /etc/passwd.
(Both on the target system).

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
Honored Contributor
T G Manikandan
Posts: 5,533
Registered: ‎12-11-2000
Message 4 of 8 (68 Views)

Re: Deny telnet for a user

Regular Advisor
Sirius Black
Posts: 122
Registered: ‎10-30-2002
Message 5 of 8 (68 Views)

Re: Deny telnet for a user

Graham with your solution the ftp does'nt pass instead with Mark's solution all things goes good..
Thanks a lot
Fabrizio
Occasional Advisor
Fabricio_2
Posts: 8
Registered: ‎01-15-2003
Message 6 of 8 (68 Views)

Re: Deny telnet for a user



Put this is /etc/profile:

NAME=`logname`
if [ $NAME = user_to_deny ]
then
exit
fi

Fabricio.
Honored Contributor
Elmar P. Kolkman
Posts: 1,179
Registered: ‎10-16-2003
Message 7 of 8 (68 Views)

Re: Deny telnet for a user

Mark's solution should work, but only if /bin/false is in /etc/shells
Every problem has at least one solution. Only some solutions are harder to find.
Honored Contributor
Jeff Schussele
Posts: 6,795
Registered: ‎02-18-2002
Message 8 of 8 (68 Views)

Re: Deny telnet for a user

Hi Alleva,

Easiest way to do this is with tcp-wrappers available here:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

Using inetd.sec you can only go to the host or subnet level. TCP-wrappers allows you to extend the granularity to the user level.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.