Limiting Telnet Access

Bruce Sterling Woodcock woodcock at mentor.cc.purdue.edu
Thu Jun 6 17:49:09 AEST 1991


In article <1991Jun4.230509.3655 at mnemosyne.cs.du.edu> jscott at isis.UUCP (James Scott) writes:
>Anyway, this is our solution:
>1.) Make a group called 'telnet'.
>2.) chgrp telnet /usr/bin/telnet .
>3.) chmod o=,gu=rx /usr/bin/telnet .
>4.) Edit your /etc/group file, adding the login names of users who 
>	can use telnet into the last field separated by commas.
>5.) For someone to use telnet, they must first type the command
>
>	$ newgrp telnet
>and _then_
>	$ telnet
>
>NOTE: the newgrp command CAN NOT be used in a shell script.
>k

I don't think this solves the problem.  Anyone with a little knowledge of
programming... hell, even with a little knowledge of ftp... can use their 
own copy of telnet or some other client to interface to the net.  Sure, it
may slow down some people at first, but once word gets out that so-and-so
has their own telnet program, you'll be right back to the same situation.

My advice:  If you want to restrict TCP/IP, remove your machine from the
network.  Restricting net access to the users is not a very sensible thing,
usually, or a nice one.  If you *do* want to restrict it, do some kernel
hacking.  I know of several universities that have restricted the network
system calls in this way.

Bruce

-- 
|    woodcock at mentor.cc.purdue.edu    | "That's Bruce for ya, always jumping | 
|       sirbruce at gnu.ai.mit.edu       |    on the bandwagon, even if it's    |
| sterling at maxwell.physics.purdue.edu |      running over him." -- Xeno      |
|   Bruce at Asylum/CaveMUCK/FurryMUCK   | "I view muds as dying." -- Firefoot  |
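
Added example, not part of either post: a small Python model of the file-permission check that steps 1-5 rely on, evaluated both for /usr/bin/telnet and for a client binary the user owns, which is the case the reply raises. The group file contents, user names, gid, and the 0700 private copy are constructed; root's permission bypass is ignored.

```python
import stat

# Constructed /etc/group content (format name:passwd:gid:members).
GROUP_FILE = """\
staff:*:10:alice,bob,carol
telnet:*:200:alice,bob
"""

def group_members(group_text, name):
    """Members listed in the last field of the named /etc/group entry (step 4)."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == name:
            return {m for m in fields[3].split(",") if m}
    return set()

def can_execute(user, groups, owner, group, mode):
    """Classic Unix check: only the first matching class is consulted."""
    if user == owner:
        return bool(mode & stat.S_IXUSR)
    if group in groups:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def audit(group_text, users):
    """For each user, report access to the system telnet and to a private copy."""
    members = group_members(group_text, "telnet")
    report = {}
    for user in users:
        # 'newgrp telnet' (step 5) only succeeds for users listed in the group.
        groups = {"telnet"} if user in members else set()
        report[user] = {
            # Steps 2-3: /usr/bin/telnet is group telnet, mode r-xr-x--- (0550).
            "system_telnet": can_execute(user, groups, "root", "telnet", 0o550),
            # Assumed case from the reply: a client the user owns, mode 0700.
            # The group on the system binary plays no part in this check.
            "private_client": can_execute(user, groups, user, "staff", 0o700),
        }
    return report

if __name__ == "__main__":
    for user, result in audit(GROUP_FILE, ["alice", "carol"]).items():
        print(user, result)
```

The scheme decides who may run one file; nothing in the check refers to the network, so an audit of this control has to look for other client binaries as well as the mode of /usr/bin/telnet.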



More information about the Comp.unix.wizards mailing list