Xref: utzoo alt.security:2290 comp.unix.admin:1670
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!stanford.edu!leland.Stanford.EDU!news
From: tonytran@leland.Stanford.EDU (Tony)
Newsgroups: alt.security,comp.unix.admin
Subject: security question on a modem pool server
Message-ID: <1991Apr24.182119.7734@leland.Stanford.EDU>
Date: 24 Apr 91 18:21:19 GMT
Sender: news@leland.Stanford.EDU (Mr News)
Followup-To: poster
Organization: Stanford University - AIR
Lines: 13

I maintain a modem pool server which supports a number of groups.
This server is on NIS which is not under my control. 
Is there a way to only allow certain users to use tip(1c) while
disallow other?  (duplicating NIS password to local password is
currently not possible).  
I would like this system to accept dial in, and "rlogin" to other
systems, but won't allow people to rlogin(1), ftp(1c) or telnet(1c) 
to it. Is it sufficient to comment out ftp, telnet, and login entry 
in /etc/inetd.conf and remove in.telnetd, in.ftpd, and in.telnetd? 
Is there any other security holes that I need to plug?
 
Thanks,
Tony