SUMMARY disabling telnet for a user

From: Vahid Moghaddasi (sunman@ureach.com)
Date: Fri Sep 22 2000 - 11:25:26 CDT


The following is some additional information which I received:
I will be using idled which seems to be the best.

Mark_Neill
Create a map with the userID's and hostnames that htey are
allowed to
 log
 into...for example:

 # ypcat -k authmap

 user1 :host1:host2:host3:
 user2 :host1:
 user3 :host2:host3:

 For each box you want to limit access to, touch
/etc/.sys-access

 In /etc/profile on each box, add the following scripting:

 # Sys-Access
 ###################################################
 if ( [ ! -f /etc/.sys-access ] ) then
         echo "Validating access to this system"

         grep "^${LOGNAME}:" /etc/passwd > /dev/null 2>&1

         if ( [ ${?} = 0 ] ) then
                 echo "Resident login"
         else
                 SYSNAME=`uname -n`

                 ypmatch ${LOGNAME} auto.sys-access 2>/dev/null
| grep
 ":${SYSNAME
 }:" > /dev/null 2>&1

                 if ( [ ${?} != 0 ] ) then
                         echo "${LOGNAME} does not have access
to this system."
                         exit 1
                 fi
         fi
 fi

Also Singh Adrian mentioned:
edit the users .profile (or .login if your that way inclined)

 put something like this in:

 if [`who -m|sed 's/ .*//'` = oracle ]
 then
         echo get lost: you can only su to this account
         exit 1
 fi

 you must of course make the .profile owned by root and not
allow
 writes to oracle

________________________________________________
Get your own "800" number - Free
Free voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag

S
U BEFORE POSTING please READ the FAQ located at
N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq
. and the list POLICY statement located at
M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy
A To submit questions/summaries to this list send your email message to:
N sun-managers@sunmanagers.ececs.uc.edu
A To unsubscribe from this list please send an email message to:
G majordomo@sunmanagers.ececs.uc.edu
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:
I http://www.latech.edu/sunman.html
S
T



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:18 CDT