Banned Telnet on Sun Solaris 5.6 2

Status
Not open for further replies.

hawkeye71

Technical User
Feb 9, 2001
I am new to SUN Solaris. I want no one except root to have the privilege to telnet into a Sun machine. So I created a user and kept it in the staff group; this is not a root gid. The uid for the user was also not '0'. However, the user was still able to telnet in to the Sun machine. I know about the inetd.conf file; it shows that only root can telnet with nowait.

In conclusion, I do not want anybody except the root to telnet into the Sun Machine.

Thanks for help.

Hawk
 
You need to create an /etc/ftpusers file. Its contents list each user who should not have access to ftp on the system (one user per line).

I've also heard about an /etc/ftp.deny file as well, but have never tried it (I use /etc/ftpusers). Should this file work, then it stands to reason that simply creating an /etc/ftp.allow file with root as the only user in it would give only root access to ftp. This would be much simpler than specifying each user in the ftp.deny or ftpusers files.

Hope this helps.

- Stuart
 
Stuart,

I don't understand your reply -- do the contents of ftp.deny and allow have any effect on telnet?

Mike
michael.j.lacey@ntlworld.com
Email welcome if you're in a hurry or something -- but post in tek-tips as well please, and I will post my reply here as well.
 
Whoops! Please forgive my mistake :) I mistakenly gave you the instructions to deny ftp access and not telnet. So okay, the 'nowait root' section in the inetd.conf file does not mean that only root can telnet. That's standard and if I'm not mistaken just starts the telnet daemon using root.

One way you could deny telnet access to all but root is to put a trap (a small procedure/script) in /etc/profile to check if root is the telnet user. If not, the script would terminate the session, otherwise allow it. I'm sure there must be another way to do this but can't think of any right now. Anybody else have any other ideas?

Sorry about the mistake earlier. Regards.

- Stuart
 
I don't quite follow.
If you want root and root only to log in (telnet, rsh or whatever) to the box,
all you have to do is create a file called nologin in /etc.
That will prevent all but root logins!
I hope this is what you mean!
 
Ah! Barazani beat me to it :) I did a little searching and that's right, create /etc/nologin and only root will be able to telnet into your system. The file (/etc/nologin) is just an empty file (contains absolutely nothing). If it exists the system will not accept any telnets other than root, if it's missing (default) then anyone with an account can telnet into your machine.

Thanks Barazani.

Regards.

- Stuart
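
A small audit sketch for the two settings discussed in this thread, added here as an example and not posted by any participant: it reads the telnet entry in inetd.conf (the fifth field is the account the daemon runs as, not an access list) and reports whether the /etc/nologin marker is present. The function names and the constructed sample tree are assumptions for illustration; the /etc/inetd.conf and /etc/nologin paths are the ones named in the posts.

```shell
#!/bin/sh
# inetd.conf fields: service socket-type proto wait-flag run-as-user server args...

# Print "enabled run_as=<user>" for an active telnet entry, otherwise "disabled".
telnet_inetd_state() {
    conf="$1"
    [ -r "$conf" ] || { echo "disabled"; return 0; }
    awk '
        /^[ \t]*#/ { next }    # commented-out entries are inactive
        $1 == "telnet" { print "enabled run_as=" $5; found = 1; exit }
        END { if (!found) print "disabled" }
    ' "$conf"
}

# Report who may log in, based on the /etc/nologin marker described in the thread.
login_policy() {
    root="$1"    # filesystem root to inspect; pass "" for the live system
    if [ -e "$root/etc/nologin" ]; then
        echo "root-only"
    else
        echo "all-accounts"
    fi
}

# Combine both checks into a two-line report.
audit_telnet() {
    echo "telnet: $(telnet_inetd_state "$1/etc/inetd.conf")"
    echo "logins: $(login_policy "$1")"
}

# Constructed sample tree (not from a real host) so the audit runs offline.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc" || return 1
    printf '%s\n' \
        '#ftp    stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd' \
        'telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd' \
        > "$d/etc/inetd.conf"
    echo "$d"
}

sample=$(make_sample_root)
audit_telnet "$sample"        # before: any account may log in
: > "$sample/etc/nologin"     # the empty marker file from the thread
audit_telnet "$sample"        # after: root only
rm -rf "$sample"
```

The marker applies to every login path on the box, not only telnet, so the report's second line describes the whole host. The sketch does not read /etc/default/login, where the Solaris CONSOLE setting separately decides whether root may log in over the network.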
 