How to disable only one user from running the telnet command

Posted on 2006-05-03
Medium Priority
Last Modified: 2013-12-27
I have User A who connects to the company network via a VPN tunnel. He has been restricted to access only Server B via a telnet session.

Server B is running Solaris 9.

Once User A has connected to Server B via telnet, I would like to restrict him from running a telnet command to access other servers in the same LAN.

Is this possible? If yes, how can it be done?

Question by: wlseet

Accepted Solution

birthstar earned 300 total points
ID: 16595058
I would think that it would be possible by creating an ACL on the telnet executable that prevents that user from running it.

setfacl -m u:theusername:--- /usr/bin/telnet

Really the better way would be to make sure that user does not have permission to log into the other machines rather than limit access to the command.

This will not help if you want to allow that user to telnet outside but not internally.

Assisted Solution

PsiCop earned 75 total points
ID: 16601434
Like birthstar suggests, you can put an ACL on /usr/bin/telnet and not allow User A to execute it. While you're at it, make sure User A cannot read it either, or they can just copy it to a directory where they have permissions and then mark it r-x and run it.

Note that doesn't stop them from getting ahold of a telnet executable for Solaris 9 from elsewhere, and, if they have FTP access to Server B, FTPing the executable up to the server in a directory where they can set permissions and, again, flagging it appropriately and running it anyway. Or if Server B isn't running an FTP server, but User A can execute\read-copy-chmod /usr/bin/ftp, they can FTP the executable up to Server B.

This is 2006 - no reasonable corporate network environment uses telnet for anything anyway.
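
A way to audit the ACL discussed in the answers above, as an added example that is not part of the original thread: it parses getfacl-style output and reports whether a named user is denied both read and execute, the two bits the second answer says must be removed. It assumes a POSIX shell and awk; the sample output is constructed, and otheruser and nobodyelse are hypothetical accounts.

```shell
#!/bin/sh
# Added example (not from the thread): audit a named-user ACL entry.

# Constructed sample of getfacl output for /usr/bin/telnet after the ACL is
# applied. "theusername" is the placeholder used in the accepted answer.
SAMPLE_ACL='# file: /usr/bin/telnet
# owner: root
# group: bin
user::r-x
user:theusername:---  #effective:---
user:otheruser:r--  #effective:r--
group::r-x  #effective:r-x
mask:r-x
other:r-x'

# named_user_perms USER: read getfacl output on stdin and print the rwx
# string of USER's named entry; print nothing if USER has no named entry.
named_user_perms() {
    awk -F: -v u="$1" '
        /^#/ { next }                      # skip the file/owner/group header
        $1 == "user" && $2 == u {
            sub(/[ \t]*#.*/, "", $3)       # drop the trailing #effective note
            print $3; exit
        }'
}

# acl_blocks_user USER: succeed only if USER has a named entry granting
# neither r (needed to copy the binary) nor x (needed to run it).
# Assumes USER is not the file owner. A missing entry is reported as not
# blocked, because the user then falls through to group/other permissions.
# The entry itself is checked rather than the effective value, so the
# result does not depend on the mask staying as it is.
acl_blocks_user() {
    perms=$(named_user_perms "$1")
    [ -n "$perms" ] || return 1
    case "$perms" in
        *r*|*x*) return 1 ;;
        *)       return 0 ;;
    esac
}

# Demonstration over the constructed sample.
for u in theusername otheruser nobodyelse; do
    if printf '%s\n' "$SAMPLE_ACL" | acl_blocks_user "$u"; then
        echo "$u: read and execute denied"
    else
        echo "$u: can still read or execute"
    fi
done
```

On a live system the same check would be fed from `getfacl /usr/bin/telnet | acl_blocks_user theusername`.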

Author Comment

ID: 16601658
Thanks for the help. Exactly what I was looking for.
