Newsgroups: comp.unix.wizards
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!mnemosyne.cs.du.edu!isis.cs.du.edu!jscott
From: jscott@isis.cs.du.edu (James Scott)
Subject: Re: Limiting Telnet Access
Message-ID: <1991Jun4.230509.3655@mnemosyne.cs.du.edu>
Keywords: 3b2 telnet
Sender: usenet@mnemosyne.cs.du.edu (netnews admin account)
Reply-To: jscott@isis.UUCP (James Scott)
Organization: Nyx, Public Access Unix (sponsored by U. of Denver Math/CS dept.)
References: <27103@adm.brl.mil>
Date: Tue, 4 Jun 91 23:05:09 GMT


In article <27103@adm.brl.mil> you write:
=> We have a 3B2 running Wollongon TCP/IP.  We need to limit telnet access
=> for some users, but NOT through disabling their accounts.

I thought we were the only one with problems with that setup
(I thought we were the only ones that still _Had_ that setup)

Anyway, this is our solution:
1.) Make a group called 'telnet'.
2.) chgrp telnet /usr/bin/telnet .
3.) chmod o=,gu=rx /usr/bin/telnet .
4.) Edit your /etc/group file, adding the login names of users who 
	can use telnet into the last field seperated by commas.
5.) For someone to use telnet, they must first type the command

	$ newgrp telnet
and _then_
	$ telnet

NOTE: the newgrp command CAN NOT be used in a shell script.
k
This worked quite well for us until our kernel bit the dust... Ever
tried to mix UNIX versions on a 3B2?  Anyway, I asked this same question
over the net a couple months ago, and the answers I received follow.  
_PLEASE_ let me know how you solve your problem...  


==========================================================================
James Scott                                 /* jscott@gwhs.colorado.edu */
George Washington H.S., Denver		             jscott@isis.cs.du.edu
							 gwhs@teal.csn.org
==========================================================================