How to disable only one user from running the telnet command

Posted on 2006-05-03
Last Modified: 2013-12-27
I have User A who connects to the company network via a VPN tunnel. He has been restricted to access only Server B via a telnet session.

Server B is running Solaris 9.

Once User A has connected to Server B via telnet, I would like to restrict him from running a telnet command to access other servers in the same LAN.

Is this possible? If yes, how can it be done?

Question by: wlseet

    Accepted Solution

    I would think that it would be possible by creating an ACL on the telnet executable that prevents that user from running it.

    setfacl -m u:theusername:--- /usr/bin/telnet

    Really the better way would be to make sure that user does not have permission to log into the other machines rather than limit access to the command.

    This will not help if you want to allow that user to telnet outside but not internally.

    Assisted Solution

    Like birthstar suggests, you can put an ACL on /usr/bin/telnet and not allow User A to execute it. While you're at it, make sure User A cannot read it either, or they can just copy it to a directory where they have permissions and then mark it r-x and run it.

    Note that doesn't stop them from getting ahold of a telnet executable for Solaris 9 from elsewhere, and, if they have FTP access to Server B, FTPing the executable up to the server in a directory where they can set permissions and, again, flagging it appropriately and running it anyway. Or if Server B isn't running an FTP server, but User A can execute\read-copy-chmod /usr/bin/ftp, they can FTP the executable up to Server B.

    This is 2006 - no reasonable corporate network environment uses telnet for anything anyway.
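
To confirm the ACL from the answers above took effect, this added example (not part of the original posts) parses `getfacl` output and reports whether the named user can still execute or read, and therefore copy, the binary. The user name `usera`, the functions `acl_status` and `sample_acl`, and the sample ACL text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a named user's effective access from getfacl output.
# The name "usera" and both function names are hypothetical.
# Real use: getfacl /usr/bin/telnet | acl_status theusername
# Solaris 9's /usr/bin/awk lacks -v; use nawk or /usr/xpg4/bin/awk there.

acl_status() {   # $1 = user name; getfacl output on stdin
    awk -F: -v user="$1" '
        /^#/ || NF < 2 { next }              # skip header comments and blanks
        $1 == "user" && $2 == user { perms = substr($3, 1, 3); found = 1 }
        $1 == "mask" { mask = substr($NF, 1, 3) }
        END {
            if (!found) { print "NO_ENTRY"; exit }   # falls back to group/other
            eff = ""
            for (i = 1; i <= 3; i++) {       # the mask caps named-user entries
                p = substr(perms, i, 1)
                if (mask != "" && substr(mask, i, 1) == "-") p = "-"
                eff = eff p
            }
            if (eff ~ /x/)      print "EXECUTABLE"
            else if (eff ~ /r/) print "COPYABLE"     # can be copied and chmod-ed
            else                print "DENIED"
        }'
}

sample_acl() {   # constructed Solaris-style getfacl output; $1 = perms for usera
    printf '# file: /usr/bin/telnet\n# owner: root\n# group: bin\n'
    printf 'user::r-x\nuser:usera:%s\t\t#effective:%s\n' "$1" "$1"
    printf 'group::r-x\t\t#effective:r-x\nmask:r-x\nother:r-x\n'
}

# Demo on the constructed sample: only "---" closes both execute and copy.
for p in '---' 'r--' 'r-x'; do
    printf '%s -> %s\n' "$p" "$(sample_acl "$p" | acl_status usera)"
done
```

A `NO_ENTRY` result means the user has no ACL entry of their own on the file, so the ordinary group or other permissions still apply.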

    Author Comment

    Thanks for the help. Exactly what I was looking for.
