How about if, let's say, I put my script in /etc/passwd in place of /bin/bash? What will happen if I don't have any default shell?

"James P. Roberts" wrote:
>
> > I can't turn off telnet/rlogin services because I'm restricting certain
> > users only.
> >
> > "Taylor, ForrestX" wrote:
> > >
> > > > From: Jason Lim [mailto:[EMAIL PROTECTED]]
> > > >
> > > > Hi all,
> > > >
> > > > I'm using Redhat 7.1 as my Application server. I have developed an
> > > > inventory application for my customer. My question is: I'm going to
> > > > create a user which can only access from my own application but then
> > > > cannot access from telnet or rlogin..?
> > > > Please advise.
> > > > Thanks.
> > >
> > > Either use a firewall and only allow the ports that your application is
> > > using, or simply turn off telnet/rlogin.
> > >
> > > Forrest
>
> My suggestion would be to use xinetd to listen on the appropriate
> port(s), and hand off to the custom application after validating the
> user. I'm pretty sure xinetd can do that, although the term
> "TCP-wrappers" also comes to mind -- Could someone kindly kick-start my
> brain on that? IIRC, you compile xinetd with TCP-wrappers support, and
> specify in the corresponding xinetd configuration file (which will be a
> file with the same name as the desired service, placed in /etc/xinetd.d/)
> which users are permitted what level of access to that service. Make
> sure xinetd is enabled at boot time, and also make very sure that you
> have disabled any xinetd services that you do not want running!
> (Typically by setting "disable = yes" in, or by deleting, the
> corresponding files in /etc/xinetd.d).
>
> This can also be used to restrict access to rlogin and telnet, if I am
> not mistaken.
>
> The suggestion to lock down all unused ports with a good firewall is
> also an excellent suggestion. I recommend iptables; it is the newest,
> most flexible, and most powerful of the Linux firewalls, that I am aware
> of (it replaces the older ipchains, and still older ipfwadm). If you
> are responsible for a Linux server, I strongly recommend learning this
> technology.
>
> Regards,
> Jim
>
> _______________________________________________
> Seawolf-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/seawolf-list
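
An added example, not part of the original thread: a shell function for the check Jim describes, listing every service in a directory of xinetd service files that is not set to `disable = yes`. The sample files are constructed, the `inventory` service name and its server path are hypothetical, and a stanza with no `disable` line is assumed to be enabled.

```shell
#!/bin/sh
# Print the names of xinetd services that are still enabled in a directory
# of service files (normally /etc/xinetd.d).
# Assumption: a stanza with no "disable = yes" line counts as enabled.
enabled_xinetd_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                          # comment line
            $1 == "service" { name = $2; off = 0; next } # stanza start
            /^[ \t]*disable[ \t]*=/ {                    # disable = yes or no
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v)
                sub(/[ \t]+$/, "", v)
                off = (tolower(v) == "yes")
                next
            }
            $1 == "}" && name != "" {                    # stanza end
                if (!off) print name
                name = ""
            }
        ' "$f"
    done | sort
}

# Constructed sample files standing in for /etc/xinetd.d. The "inventory"
# service and its server path are hypothetical.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'service telnet' '{' \
        '    server  = /usr/sbin/in.telnetd' \
        '    disable = yes' '}' > "$d/telnet"
    printf '%s\n' 'service login' '{' \
        '    server  = /usr/sbin/in.rlogind' \
        '    disable = no' '}' > "$d/rlogin"
    printf '%s\n' 'service inventory' '{' \
        '    server  = /usr/local/bin/inventory-app' '}' > "$d/inventory"
    echo "$d"
}

sample=$(make_sample_dir)
enabled_xinetd_services "$sample"   # lists inventory and login, not telnet
rm -rf "$sample"
```

Run against the real directory with `enabled_xinetd_services /etc/xinetd.d`; anything listed that should not be reachable needs `disable = yes` or its file removed.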
