General :: Disable Telnet And Ssh For A Specific User?
Nov 12, 2010
I am looking for a way to deny telnet and ssh to one specific user. So far I've only tested with telnet and my attempts have been limited to various hosts.deny entries:
in.telnetd : user@server
in.telnetd : user@server.domain.com
in.telnetd : user@IP_address
in.telnetd : user@.domain.com
None of these work. The only thing I've found that does work is:in.telnetd : IP_addressBut this is only a semi-viable solution because we will soon have multiple logins for the one username from different servers and sub-nets. Ideally, I'd like to be able to deny telnet and ssh access to this username regardless of where the login originates. I suppose it would be possible to specify each server IP, but that'll be a bear to maintain
View 7 Replies
ADVERTISEMENT
Oct 5, 2010
I am using Red Hat LDAP (version 3) and I have passwordLockout set as "on" at global level. Is there a way to disable account lockout for a specific user?
View 1 Replies
View Related
Jul 20, 2011
From Linux client end I can easily telnet to a remote Linux server easily , Like :
[root@apps1 ~]# telnet 192.168.1.14
Trying 192.168.1.14...
Connected to 192.168.1.14 (192.168.1.14).
Escape character is '^]'.
catalog.aibl.com (Linux release 2.6.18-8.el5 #1 SMP Tue Jun 5 23:25:19 EDT 2007) (1)
login:
But I want to disable the "telnet" command from the client end , so that I cannot telnet to a remote linux server from the Linux client end
View 7 Replies
View Related
Jan 25, 2011
If I only want to let a user be able to login via telnet a max number of times equal to 2 how would I go about doing this?I have found this little tid bit:per_source = 2but that only allows 2 connections from the same source (i.e. network) and that would not work. For some reason our telnet sessions are not dying off after a user has shutdown their PC and then the next time they login it adds another telnet session.
1. user1 31300 /dev/pts/409
2. user1 27539 /dev/pts/539
3. user1 18042 /dev/pts/316
[code]....
View 4 Replies
View Related
Oct 5, 2010
How do I disable and change the user password using SSH on a Linux
View 3 Replies
View Related
Jun 8, 2010
How do I give permission to a logged in user to stop/start a specific service without entering a root/sudo password? So they can do a simple "service SomeService stop|start" It is for a headless Ubuntu server.
View 5 Replies
View Related
Jun 9, 2010
my system I want user1 and only user1 to be able to mount and unmount a specific partition, this partition contains backups and is usually mounted read only, needs to be temporarily mounted read/write by user1 while doing the backup.user1 is an unprivileged user. I've read that the user option will let any user mount the file-system (and only that user can then subsequently unmount it) and that the users option allows any user to mount or unmount the file-system.I also found this in mount's man pageQuote:The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file.So it looks like I'd need a login script for that user to make the user owner of the device file (/dev/voiceserv/backup in this case)
View 7 Replies
View Related
Oct 13, 2010
I have a question about telnet.Is there any way to configure a telnet server without disable firewall.I am using redhat 5.2 and fedora 12.I have lack of knowledge about firewall.
View 1 Replies
View Related
Sep 12, 2009
how to enable and disable these services: FTP,Email,Web server,Firewall,Telnet,LAN? Is there any general way to manage services?
View 1 Replies
View Related
Apr 18, 2010
I have a need to run a specific app as a specific user when the machine boots into init 3. I can not run this as root so I need to specify a user. Can someone tell me how to accomplish this?I usually have to log in and start this application by typing check -D which starts this app and daemonizes it. I want to be able to run that at boot with my normal user not root.I hope I explained this correctly.I have added it to rc.local but it runs as root.
View 3 Replies
View Related
Jan 13, 2011
i have created a file (by root user) called test.txt. Then i created a user bob. Now i want only bob to read/write/execute this file and no other user shall have any permission on it.
View 3 Replies
View Related
Oct 27, 2010
So right now VNC is starting a session using :1. When I connect to that session, the terminal is logged in as root. I'd like for the terminal to be logged in as a different user as some of my end users are going to be using this and don't require such privileges. I found that I can "su" to a different user and start a new VNC daemon on :2 and when I connect to that session, the terminal is logged in as that user. What I want to do is get that to run at boot-up.
View 4 Replies
View Related
May 25, 2010
i wonder, why nobody has written about it ...
How can i grant permission for files to specific user or specific group ??
Updated:
We have 3 groups: "g12" ("u1" and "u2), "g34" and "g56".
"g12" should only read the file.
"g34" should write and read it.
"g56" should have all permissions (rwx).
And others should not access the file at all.
View 3 Replies
View Related
Aug 1, 2011
It should not have any /home/. It only can access a folder and that folder is home default for this account.
Details about my usage: We have a simple folder which contains demo code and we want to create a user to read this folder only
View 2 Replies
View Related
Jun 19, 2010
I run the openssh daemon on port 22 and have the proftp running on port 21. I would like to block SSH for a specific user.I use proftpd.I would like to prevent the SSH access for this user and leave the FTP working for this user specific.Into /etc/passwd, I tried to change the /bin/bash to /bin/false, but this blocks both SSH and FTP access for this account.
View 3 Replies
View Related
Apr 9, 2010
Im trying to add users to my nfs server with a specific home directory that already exists. Can this be done? I've done some research on google and other forums but cant seem to find the answer.
View 7 Replies
View Related
Jan 17, 2011
I did some digging on the sudo command and I do know the config file is /etc/sudoers Read the manual for sudoers and found out that I must use visudo to edit the file I read some of the examples at the bottom of the file and tried entering my own account in following the example. one of the commands I was trying to allow my account to perform without root login is the mount command So I tried adding this in (kreid8 /bin/mount ALL) I then saved & exited the file and logged out of root and tried sudo mount -t vfat /dev/sdc1 /media. I got an error saying I had to be root in order to do that But when I use the visudo -l option it shows that I have that privellege. Did I edit the file incorrectly?
View 6 Replies
View Related
Oct 11, 2010
I have two machines between which I need to share a folder.On server1, I have the user 'appuser' that needs to access (read/write/delete) on this share.On server2, 'root' accesses this share and writes to it.I have the following in /etc/exports on server1:/home/app-share 999.999.99.99/28(rw,insecure,sync,no_root_squash)where the number is the IP address. How can I change this to allow 'appuser' access?
View 1 Replies
View Related
Feb 4, 2011
allow specific user permission to read/write my folder
I have a folder called /TAR/Sketch
I added a new user, named Snoopy, I want to grant this user the ability to add files & directories to this folder which is under the group Sketches and the owner is me.
How can I accomplish this ?
View 1 Replies
View Related
Aug 8, 2011
How can I mount a device with specific user rights on start up? I still have some problems figuring it out. I would like to mount the divide with uid=1000 and gid=1000. My current entry to the /etc/fstab/ file looks like this:
dev /var/www vboxsf rw, suid, dev, exec, auto, nouser, async, uid=1000
View 1 Replies
View Related
Nov 25, 2009
Can advise if I want to have a alert message when a specific user is login to the system , what can I do ? that mean if a specific is login to system then send me a alert message ( by any way ) to inform me the user is login , what is the method ?
View 7 Replies
View Related
May 26, 2010
I'm trying to do something like thisi created a group called www and made this group the owner of the directory/var/www/htmlso i can read and write to it.of course I've add my self to this group, but it seems i can't read and write.the syntax i used was something like chown :www /var/www/html.didn't workonly when i used chown samurai:www /var/www/html i could finally could create new file.the reason i don't want to specify the user name is because I'm thinking of a scenario when i need to give permission to a large group of ppl and don't want to do it user by user.
View 5 Replies
View Related
Jan 26, 2011
I am using CentOS 5.5 and I created few users (useradd john etc.) and now I want to assign privileges to this user on some directories and files in those directories. For example I want to give read privileges to directory "/documents" and all of files under that directory.
View 13 Replies
View Related
Apr 15, 2010
Does any body knows how to disable the root login to the GUI , like i am running my redhat server on runlevel 5 and i dont need tht root to get login to the GUI , i ma talking about redhat 5.
View 2 Replies
View Related
Aug 10, 2011
Is there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
View 2 Replies
View Related
Apr 27, 2011
Can anyone shed some light in this? Using Fedora 14-64, new install, 185 Opteron x 2 gig ram, sata hard drives formatted Ext4.However, in my home directory I have a folder for all my digital photos of which I have more than 20,000, and in another folder I have images and clipart of which I have almost 8,000. That is a lot of read only access to a significant number of files in my home directory.
How can I tell Fedora to not update the LAST ACCESS TIME of those files (specifically images) that will never actually be changed other than just being read. I want to leave that feature enabled for the rest of my home directory. I am trying t; improve my disk performance in Nautilus because whenever I access the folders with my images the system literally slows to a crawl and sometimes even the mouse stops working for several minutes until Nautilus has finished having its heart attack.
View 6 Replies
View Related
May 17, 2011
11.04 64 bit I just picked up a new high-gain usb wireless adapter that I would like to use for a while in place of the built in wireless adapter in my desktop. It is detected and works just fine. My question is this: Is there any way I can disable just the built in adapter and leave the new one active (or visa versa?) I don't want to remove the built-in one as there will be occasions that I will want to use both.
View 6 Replies
View Related
May 26, 2011
When I run OpenVPN server - tap0 adapter, it breakes Teredo(Miredo) IPv6 address down. I dont need IPv6 on OpenVPN, so is there any way to disable IPv6 on tap0 completely?
View 2 Replies
View Related
Apr 10, 2011
Now that IPv6 is becoming more and more common, I found the need to disable IPv6 on some interfaces but have it enabled on other. I found that /proc/sys/net/ipv6/conf/*/disable_ipv6 does exactly that. I am now wondering if anybody knows, why are networking scripts so counterintuitive. /etc/sysconfig/network has an option:
NETWORKING_IPV6=yes
All this option does is disable some ipv6 services (dhcpv6...), it does not disable IPv6 in whole (as one would assume...that's why you had to disable it with module parameters). Searching for more IP6 related config option, one can find that /etc/sysconfig/network-scripts/ifcfg-* scripts can contain:
IPV6INIT=yes
Again, this option does not disable IPv6 protocol on the interface, it just skips running ifup-ipv6/ifdown-ipv6 scripts. I added a /sbin/ifup-pre-local. Now, this script runs before ethX entries are created (other scripts run when it's already too late) in /proc directory, so it modifies default values which are then used after those entries are created:
#!/bin/bash
#
[ -f "/etc/sysconfig/network-scripts/$1" ] && . /etc/sysconfig/network-scripts/$1
[code]...
View 1 Replies
View Related
Feb 18, 2010
I am trying to find the difference between the above two services. Both are under xinetd and can someone please explain the difference between them (is one more secure than the other one?)
View 1 Replies
View Related
