Solved

Removing access to the Terminal Window

Posted on 2014-02-07
Last Modified: 2014-04-27
I have an environment where users log onto a Solaris 10 system using JDS and I would like to remove access to the Terminal Window. Is there a way to do this without disabling the ability to actually log on?
Question by:mritwonderful
 
LVL 66

Expert Comment

by:btan
ID: 39844033
May want to see if this helps - the key is to disable XDMCP. E.g. setting Remote Services enabled to no will load generic_limited_net.xml, limiting all remote networking services to the localhost except for secure shell.

http://www.softpanorama.org/Xwindows/Xdmcp/enabling_xdmcp_in_solaris_10.shtml

related - dtlogin is disabled by running it on port 0 instead of the default port 177
http://www.sunmanagers.org/pipermail/summaries/2007-September/008300.html
0
 

Author Comment

by:mritwonderful
ID: 39846306
Breadtan,

I'll look into those links some more but I do not think they will help me achieve what I'm looking to do. I am running Sun Ray services and all of my users access the Solaris server using thin clients. I want the users to be able to log in to the server using JDS but I do not want them to be able to open a terminal window. I'm trying to lock things down so users can't run anything from the command line.
0
 
LVL 66

Expert Comment

by:btan
ID: 39846395
Thanks for sharing. I am wondering if Controlled Access Mode (CAM) in Kiosk Mode (link) will fit the use case,
- CAM Chooser Application (link)
- CAM Mode going into restricted jds (link)
0
 

Author Comment

by:mritwonderful
ID: 39861537
breadtan,

I'm using Solaris 10 Trusted Extensions and my users need to be able to log in and access multiple zones. I need to lock down the terminal in each zone. I'm thinking this would only work on a system that just has a Global zone and not multiple non-global zones.
0
 
LVL 66

Expert Comment

by:btan
ID: 39861659
I was reading some material, and such an extension has labels, e.g. Classification Labels and Sensitivity Labels, which are associated with a specific zone. When users log in to a zone, any processes and files that are accessed or created in that zone are set to the Classification and Sensitivity Label assigned to that zone. And if the host does not have Solaris Trusted Extensions, it will only be bound to a specific single label. This means that the host will be able to connect only to a single zone on the Solaris Trusted Extensions system, assuming it is trying to remote into the extension system. This then defeats your intent for multiple-zone login.

So if the user is to log in to Trusted Extensions and is logged in to a multilevel session, it may not be possible to prevent use of JDS, but maybe at least restrict the data transfer between labels, such as below: http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-16.html#ugtour-23

There is also mention of Application Manager Security, which I am wondering about for restricting other apps, to further lock down to only basic apps and limit user actions:
http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-42.html#ugelem-24
0
 

Accepted Solution

by:
mritwonderful earned 0 total points
ID: 40016654
I was able to remove access to the terminal by changing its permissions and removing everyone's access to the file by changing the group access only.
0
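One way to apply and verify the permission change described in the accepted solution, as an added example that is not part of the original thread. The binary paths and the group name `termadm` are assumptions, and the run at the end uses a constructed stand-in file so it works without root.

```shell
# Added example (not from the thread). Needs a POSIX shell; on Solaris 10
# use /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh.
# Assumed paths (verify on your own system):
#   /usr/bin/gnome-terminal  /usr/dt/bin/dtterm  /usr/openwin/bin/xterm

# other_bits FILE: print the "other" permission triplet, e.g. "r-x" or "---".
other_bits() {
    ls -ldL "$1" | cut -c8-10
}

# restrict_exec FILE GROUP: hand the file to GROUP and drop all access for
# everyone else (owner rwx, group r-x, other ---). Succeeds only if the
# resulting mode really leaves "other" with nothing.
restrict_exec() {
    file=$1
    group=$2
    [ -f "$file" ] || { echo "skip: $file not found" >&2; return 1; }
    chgrp "$group" "$file" || return 1
    chmod 750 "$file" || return 1
    [ "$(other_bits "$file")" = "---" ]
}

# still_open FILE...: print each existing file that users outside the
# owning group can still execute. Run it over every terminal emulator
# installed, since locking one binary leaves the others usable.
still_open() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        case $(other_bits "$f") in
            ??x|??t) echo "$f" ;;
        esac
    done
}

# Real use, as root in each zone ("termadm" is a hypothetical admin group):
#   restrict_exec /usr/bin/gnome-terminal termadm
#   still_open /usr/bin/gnome-terminal /usr/dt/bin/dtterm /usr/openwin/bin/xterm

# Constructed stand-in so the example runs unprivileged and offline.
demo=${TMPDIR:-/tmp}/fake-terminal.$$
: > "$demo" && chmod 755 "$demo"
restrict_exec "$demo" "$(id -gn)" && echo "restricted: $(ls -ldL "$demo")"
still_open "$demo"    # prints nothing once "other" has no execute bit
rm -f "$demo"
```

A package patch or upgrade can reinstall the binary with its default mode, so rerun `still_open` after patching.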
 

Author Closing Comment

by:mritwonderful
ID: 40025537
This was the only viable solution to my question.
0
