On Solaris 8, is there any way to disable telnet for a particular user and not for the entire system altogether?
I would like the user to retain a shell, so creating a noshell account like an ftp account is not an option.
Make the default shell be /usr/bin/false. The /etc/passwd entry would look something like:
user2:x:1234:4321:no telnet:/home/user2:/usr/bin/false
Also, you can add the user's entry in the /etc/hosts.deny file to block the user.
Like I said, the user needs to retain a shell. Setting it to "false" doesn't serve my purpose.
I am curious what hosts.deny is, can you send me code for that file to disable a user?
I will investigate hosts.deny but it looks like it controls settings for hosts/IPs connecting to the server and not user accounts already on the system.
Aaa yeah, you're right mate, sorry, I've missed that...
This is one way you could do it, though I'm sure it's not the best:
Run a script which will monitor established connections from a specific user;
if a telnet connection from that user is found, kill that process id.
On FreeBSD I can find the appropriate pid using the following command:
$ sockstat | grep ^user-to-find | grep telnet
user-to-find telnet 2107 3 tcp4 sourceip:sport targetip:23
$ kill 2107
sockstat -- list open sockets
Now you just need to find a proper sockstat alternative command for Solaris.
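A possible stand-in for the sockstat step on a system without it, as an added example that is not part of the original posts: it picks a user's telnet sessions out of ps output. It assumes the login shell's parent process is in.telnetd; the function names and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the PIDs of one user's telnet login sessions.
# Assumption: in.telnetd is the direct parent of the user's login shell.

# Usage: ps -e -o pid,ppid,user,comm | telnet_pids_for_user USER
telnet_pids_for_user() {
    awk -v target="$1" '
        NR == 1 && $1 == "PID" { next }        # skip the ps header line
        {
            cmd = $4
            sub(/.*\//, "", cmd)               # /usr/sbin/in.telnetd -> in.telnetd
            name[$1] = cmd                     # pid -> command name
            if ($3 == target) parent[$1] = $2  # pid -> ppid, target user only
        }
        END {
            for (pid in parent)
                if (name[parent[pid]] == "in.telnetd")
                    print pid
        }
    ' | sort -n
}

# Constructed sample of "ps -e -o pid,ppid,user,comm" output (not real data).
sample_ps() {
    cat <<'EOF'
  PID  PPID     USER COMMAND
    1     0     root /etc/init
  180     1     root /usr/sbin/inetd
 2100   180     root in.telnetd
 2107  2100 forbiddenuser -sh
 2150  2107 forbiddenuser vi
 2200   180     root in.rlogind
 2207  2200 forbiddenuser -sh
 2300   180     root in.telnetd
 2307  2300   user2 -ksh
EOF
}

# Dry run on the sample: print what would be signalled instead of killing.
if [ "${1:-}" = "--demo" ]; then
    for pid in $(sample_ps | telnet_pids_for_user forbiddenuser); do
        echo "would run: kill -HUP $pid"
    done
fi
```

Only the shell under in.telnetd is reported, so the same user's rlogin session and other users' telnet sessions are left alone. On Solaris, run it with nawk or /usr/xpg4/bin/awk, since the old /usr/bin/awk does not accept -v.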
Try in hosts.deny:
in.telnetd : forbiddenuser@hostIP
This is interesting, but this user account can come from multiple IPs. Can I use forbiddenuser@ALL instead so as to capture all host IPs?
in.telnetd : forbiddenuser@hostIP
*** I actually tried
in.telnetd : forbiddenuser@myhost but it still accepts telnet sessions with forbiddenuser....
Probably you also need to restart inetd after the changes?
Before doing that, try:
kill -HUP pid-of-inetd
This should reread the appropriate configuration files.
I tried kill -HUP and also reset the inetd... but it doesn't help. I don't think this is the problem, though.
I am still able to telnet from my host to the server, so hosts.deny is not working as expected.
bash-3.1# cat /etc/hosts.deny
in.telnetd : forbiddenuser@myhostname
Is tcp_wrapper enabled for telnet on your system?
$ inetadm -l telnet | grep tcp_wrappers
Does the output say enabled or true?
# inetadm -l telnet | grep tcp_wrappers
inetadm: not found
Maybe your system is older than Solaris 10.
Then let's look up the inetd properties.
All right, try this:
svcprop -p defaults inetd
It's Solaris 8, as I mentioned in the first post.
# svcprop -p defaults inetd
svcprop: not found
Thanks to everyone helping me out.
Hmm, OK.
To use tcp_wrapper on other Solaris versions like 7, 8, 9 and older,
you must change the inetd (telnet) daemon configuration so that tcp_wrapper is enabled.
First install tcpd and give it control in inetd.conf.
I advise you to do it according to the Sun document below:
BigAdmin Submitted Tech Tip: Configuring TCP Wrappers for the Solaris Operating System
Good luck
Wishing you success
Regards ygemici