Thanks to:
Wim Olivier <wim@na.co.za>
"Todd A. Fiedler" <tfiedler@yahoo.com>
"Marco Greene" <cmgreene@netcom.ca>
Dave McFerren <davem@china.solve.net>
Dennis Martens <MARTENSD@health.qld.gov.au>
Original question:
I need to be able to limit one user (the user is not root) to
login only from console, not from telnet, using rexec or some other
like that. Is there any way of doing this?
---------------------------------------------------------------------
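# .profile of the user
# Quote the tty output: with no terminal it is "not a tty", and the
# unquoted words would make the test fail with an error and skip the exit.
if [ "`tty`" != '/dev/console' ]
then
    echo "Access denied"
    exit 1
fi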
---------------------------------------------------------------------
1) From: Wim Olivier <wim@na.co.za>
Put a script testing for /dev/console in his .profile. If yes,
then do nothing, if ptty then exit. (this is about 2 lines
long).
2) From: "Todd A. Fiedler" <tfiedler@yahoo.com>
The only way I can think of doing this is to write a script that
acts as a wrapper to a shell. You could then have the script
check to see what device the user is logging in on, and if it is
not /dev/console, you could have it issue a warning message and
disconnect. Even better, you could write a small C program to do
this, it would be faster and probably more secure.
You would then need to place the script (or program) into the
passwd file as the user's shell (item 7 in the list).
Solaris seems to only support root console restriction.
3) From: "Marco Greene" <cmgreene@netcom.ca>
You can always disable telnet ftp rlogin.....in /etc/rpc and
/etc/services
4) From: Dave McFerren <davem@china.solve.net>
Try putting tcp wrappers on the daemons and make sure that his
login name is not allowed.
5) From: Dennis Martens <MARTENSD@health.qld.gov.au>
In the file /etc/default/login, put the entry:
CONSOLE=/dev/console
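
The wrapper approach from reply 2, as an added example that is not part of the original thread: a POSIX sh script set as the user's shell that hands over to the real shell only on /dev/console. The install path /usr/local/bin/console-only-sh, REAL_SHELL and the logger message are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): console-only login wrapper.
# Assumptions: installed as /usr/local/bin/console-only-sh and set as the
# user's shell in /etc/passwd; REAL_SHELL is the shell to hand over to.

ALLOWED_TTY="/dev/console"
REAL_SHELL="/bin/sh"

# Print "allow" only when the terminal name is exactly the allowed device.
# Anything else, including "" and "not a tty" (a session with no terminal),
# prints "deny", so the check fails closed.
session_decision() {
    case "$1" in
        "$ALLOWED_TTY") echo allow ;;
        *)              echo deny ;;
    esac
}

main() {
    # Ignore keyboard signals so the check cannot be interrupted.
    trap '' INT QUIT
    current_tty=$(tty 2>/dev/null) || current_tty=""
    if [ "$(session_decision "$current_tty")" = "allow" ]; then
        trap - INT QUIT              # restore defaults for the real shell
        exec "$REAL_SHELL" "$@"
    fi
    # Record the refused attempt for later review, then end the session.
    logger -p auth.notice \
        "console-only: refused ${LOGNAME:-unknown} on ${current_tty:-no tty}"
    echo "Access denied" >&2
    exit 1
}

# Run only under the installed name; under any other name nothing is
# started and the session simply ends.
case "$0" in
    */console-only-sh) main "$@" ;;
esac
```

The real shell is started as a non-login shell here, so it does not read the user's .profile.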