Restrict Specific Users for using rsh,rcp,ftp Commands

[aixsupport]

Hi,

I would like to restrict specific users to do not allow them to use rsh,rcp,ftp COMMANDS in AIX 4.3.3.please advise me on this.

Thanks in advance

AIX SUPPORT

 

[vivek1712]

Make entry of user ids whom u want to restrict from using ftp in /etc/ftpusers .. this will stop those users from using ftp.
--------------------------------------------------

The securetcpip command provides enhanced security for the network. This command performs the following:

1. Runs the tcbck -a command, which disables the nontrusted commands and daemons: rcp, rlogin, rlogind, rsh, rshd, tftp, and tftpd. The disabled commands and daemons are not deleted; instead, they are changed to mode 0000. You can enable a particular command or daemon by re-establishing a valid mode.

2. Adds a TCP/IP security stanza to the /etc/security/config file. The stanza
is in the following format:
tcpip:
netrc = ftp,rexec /* functions disabling netrc */

Before running the securetcpip command, acquiesce the system by logging in as
root user and executing the killall command to stop all network daemons.

Attention: The killall command kills all processes except the calling process. If logged in or applications are running, exit or finish before executing the killall command.

After issuing the securetcpip command, shut down and restart your system. All of your TCP/IP commands and network interfaces should be properly configured after
the system restarts.

Best Regards,
vivek

 

[aixsupport]

Hi Vivek,

Thanks for ur help.for FTP it is ok.but about securetcpip command can we run this on control workstation we have
( RS6000 SP frames)and my doubt is if we put in netrc as a root and other super users can run those commands(rcp,rsh...) please advise me on this.

Thanks in Advance

AIX SUPPORT

 

[vivek1712]

Hi,

I hope this link will help u .

http://www.redbooks.ibm.com/redbooks/SG245521.html

Best REgards,
vivek

 

[aixsupport]

Hi Vivek,

Thanks for your help.


AIX support