[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 402
  • Last Modified:

Removing access to the Terminal Window

I have an environment where users log onto a Solaris 10 system using JDS and i would like to remove access to the Terminal Window. Is there a way to do this  without disabling the ability to actually logon?
0
mritwonderful
Asked:
mritwonderful
  • 4
  • 3
1 Solution
 
btanExec ConsultantCommented:
May want to see if this help - key is to disable xdmcp. E.g. setting Remote Services enabled to no will load generic_limited_net.xml limiting all remote networking services to the localhost except for secure shell.

http://www.softpanorama.org/Xwindows/Xdmcp/enabling_xdmcp_in_solaris_10.shtml

related - dtlogin is disabled by running it on port 0 instead of the default port 177
http://www.sunmanagers.org/pipermail/summaries/2007-September/008300.html
0
 
mritwonderfulAuthor Commented:
Breadtan,

I'll look into those links some more but i do not think they will help me achieve what I'm looking to do. I am running sunray services and all of my users access the solaris server using thin clients. I want the users to be able to login to the server using JDS but i do not want them to be able to open a terminal window. I'm trying to lock things down so users cant run anything from the command line.
0
 
btanExec ConsultantCommented:
Thanks for sharing. I am wondering if Controlled Access Mode (CAM) in Kiosk Mode (link) will fit the use case,
- CAM Chooser Application (link)
- CAM Mode going into restricted jds (link)
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
mritwonderfulAuthor Commented:
breadtan,

I'm using Solaris 10 Trusted Extension and my users need to be able to logn and access multiple zones. I need to lock down the terminal in each zone. I'm thinking this would only work on a system that just has a Global zone and not multiple non-global zones.
0
 
btanExec ConsultantCommented:
I was reading some material and such extension has label e.g. Classification Labels and Sensitivity Labels are associated with a specific zone. When users log in to a zone, any processes and files that are accessed or created in that zone are set to the Classification and Sensitivity Label assigned to that zone. And if the host does not have Solaris Trusted Extensions, it will only be bind to a specific single label. This means that the host will be able to connect only to a single zone on the Solaris Trusted Extensions system, assuming it is trying to remote into the extension system. This then defeats your intent for multiple zones login.

So if user is to login into trusted extension and logged in to a multilevel session. May not be able to prevent use of JDS but maybe at restrict the data transfer btw label such as below http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-16.html#ugtour-23

There is also mention of Application Manager Security which I am wondering restricting other apps to further lockdown only basic apps to limit user actions
http://docs.oracle.com/cd/E18752_01/html/819-0868/ugelem-42.html#ugelem-24
0
 
mritwonderfulAuthor Commented:
I was able to remove access to the terminal by changing its permissions and removing everyones access to the file by changing the group access only.
0
 
mritwonderfulAuthor Commented:
This was the only viable solution to my question.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now