I got several responses and thank you to all. The response that worked for
me was simply specifying /bin/false as the user's shell. I knew about this
shell, but I did not know it would only disallow telnets and not ftp's. But
I tested it and it does exactly that. Thanks to everyone!
Below are snippits of the responses I received:
***
>From Chad:
1. They can't telnet in if their valid shell is /bin/false (or /bin/true)
2. Look at TCPwrappers.
***
>From Miguel:
Tipically setting /bin/false as the user's shell will do
the trick. Just make sure /bin/false is included in /etc/shells.
***
>From Matt:
Just give the users /bin/false for a shell. For those that you want to be
able to ftp in, make a copy of /bin/false (/bin/false-ftp or something)
and put it into /etc/shells. Those with /bin/false won't be able to log
in or use ftp, and those with /bin/false-ftp can use ftp but can't log in.
***
>From Glenda:
Just use Host.allow to allow or deny users to use telnet.
You will have to go by IP addresses to determine each user.
***
>From Larye:
Install tcp-wrappers (tcpd) and configure daemon/client pairs in the
/etc/hosts.deny file for specific users at specific hosts, or whole
host/domain patterns.
Get TCP wrappers from:
ftp://cert.org/pub/tools/tcp_wrappers/
***
>From Andrea:
Hy,
if you want that some users can connect only via ftp and not via
telnet and/or ssh or similar just change in the /etc/passwd the
shell field of the user to /bin/false
Also add the /bin/false in the shell file /etc/shells
***
Kim Roy
UNIX Consultant, ITD
-----Original Message-----
From: Roy, Kim
Sent: Thursday, February 10, 2000 5:02 PM
To: tru64-unix-managers_at_ornl.gov
Subject: can i disallow telnets per user?
Hello admins,
Is it possible to disallow telnet on a per-user basis? I am running Tru64
v4.0e and v4.0f. I do not however wish to disable ftp, just telnet for
certain users. Is there something similar to the ftpusers file for telnet?
Thanks in advance.
Kim Roy
UNIX Consultant, ITD
Received on Fri Feb 11 2000 - 19:18:37 NZDT