Solved

Telnet login

Posted on 2000-02-21
6
377 Views
Last Modified: 2010-04-21
How can I restrict some groups of users to user Telnet service ?

Andrew
0
Comment
Question by:andrewyu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 2543528
Do you want to force them to use/prevent them from using telnet to connect TO your server (instead of ftp/rlogin/rsh) or do you want to prevent them from using telnet FROM yur server to ther hosts?
0
 
LVL 15

Expert Comment

by:samri
ID: 2544649
andrewyu,

  On some flavor of unix, you can put /bin/false at the login shell
 for example:
 To prevent user guest from getting to telnet to you machine just change the shell to /bin/false.
 
  guest:x:1003:10:Guest Login:/home/guest:/bin/false

  As for the group.  I'm not sure, I think that you have do the same thing to each and every one in that group.   Tedious huh.  Well you can write a simple script to do the updates.

good luck,

samri
0
 

Author Comment

by:andrewyu
ID: 2546861
Actually, I want to know how can I grant a group of user to use Telnt service ?

Andrew
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Accepted Solution

by:
ddavis42 earned 0 total points
ID: 2547426
If you are using wrappers, and the users are logging in from the same IP addresses each time, you can edit the /etc/netperm-table file and lock them out by excluding their IP addresses.  Kind of a brute force method, but it will work.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2549902
Create a list of users who are allowed telnet access, e.g. /etc/telnet.allow; Make sure only root can change this file;

Modify /etc/profile, to add the following lines

if [ -n `ps -ef |grep $PPID |grep telnetd` ]
#i.e. connected by telnet
then
      if [ -z `grep $LOGNAME  /etc/telnet.allow ]
      # i.e. user is NOT in the list of allowed telnet users
            echo "You are not allowed telnet access"
            #exit 0
      fi      
fi

After thorough testing, uncomment the "exit 0" line.

Note that this does not check for rlogin or rsh access
0
 

Author Comment

by:andrewyu
ID: 2550614
Thank you very much !

Andrew
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question