Solved

Telnet login

Posted on 2000-02-21
6
375 Views
Last Modified: 2010-04-21
How can I restrict some groups of users to user Telnet service ?

Andrew
0
Comment
Question by:andrewyu
6 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 2543528
Do you want to force them to use/prevent them from using telnet to connect TO your server (instead of ftp/rlogin/rsh) or do you want to prevent them from using telnet FROM yur server to ther hosts?
0
 
LVL 15

Expert Comment

by:samri
ID: 2544649
andrewyu,

  On some flavor of unix, you can put /bin/false at the login shell
 for example:
 To prevent user guest from getting to telnet to you machine just change the shell to /bin/false.
 
  guest:x:1003:10:Guest Login:/home/guest:/bin/false

  As for the group.  I'm not sure, I think that you have do the same thing to each and every one in that group.   Tedious huh.  Well you can write a simple script to do the updates.

good luck,

samri
0
 

Author Comment

by:andrewyu
ID: 2546861
Actually, I want to know how can I grant a group of user to use Telnt service ?

Andrew
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Accepted Solution

by:
ddavis42 earned 0 total points
ID: 2547426
If you are using wrappers, and the users are logging in from the same IP addresses each time, you can edit the /etc/netperm-table file and lock them out by excluding their IP addresses.  Kind of a brute force method, but it will work.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2549902
Create a list of users who are allowed telnet access, e.g. /etc/telnet.allow; Make sure only root can change this file;

Modify /etc/profile, to add the following lines

if [ -n `ps -ef |grep $PPID |grep telnetd` ]
#i.e. connected by telnet
then
      if [ -z `grep $LOGNAME  /etc/telnet.allow ]
      # i.e. user is NOT in the list of allowed telnet users
            echo "You are not allowed telnet access"
            #exit 0
      fi      
fi

After thorough testing, uncomment the "exit 0" line.

Note that this does not check for rlogin or rsh access
0
 

Author Comment

by:andrewyu
ID: 2550614
Thank you very much !

Andrew
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question