Re: How do I create a locked down user account with only access to Ping?

From: Seth H Holmes (sholmes_at_dweezil.NOSPAMFORMEroute-fu.net)
Date: 05/23/03

• Next message: Seth H Holmes: "Re: my cdrom is acting up"
• Previous message: Joel Atkin: "Re: How to forward all e-mail from Solaris box to a ......."
• In reply to: Rob L: "How do I create a locked down user account with only access to Ping?"
• Next in thread: Rich Teer: "Re: How do I create a locked down user account with only access to Ping?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 23 May 2003 13:34:41 GMT

In article <bakpkp$k1t$1@newstree.wise.edt.ericsson.se>, Rob L wrote:
> I want to create a User Account that does something similar to the
> following:-
> 1) Allow the User to Telnet to the Solaris 8 machine.
> 2) The user cannot Change Directory (cd), i.e. they cannot move out of their
> home directory. Ideally they wouldn't have a home directory.
> 3) Be able to run one command, ping.

One way, and I'm sure other folks will give many reasons why it's not
so good or will just have better ways, would be to create your own
shell script that only allows a user to execute ping. Then make that
scipt the user default shell. When they log in, it will automatically
execute and when they log out, it ends. Oh yeah, make the script so
they can ping and can log out.

Under linux, to do such a thing, you also have to add the new script
to /etc/shells but I don't know what the equivalent in Solaris is.

I've used this to create FTP accounts on my linux box that can still
ssh in (telnet is shut off) but can only change their password.

-- 
Seth H Holmes

---

• Next message: Seth H Holmes: "Re: my cdrom is acting up"
• Previous message: Joel Atkin: "Re: How to forward all e-mail from Solaris box to a ......."
• In reply to: Rob L: "How do I create a locked down user account with only access to Ping?"
• Next in thread: Rich Teer: "Re: How do I create a locked down user account with only access to Ping?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: remotely query group membership of machine via script/wmi ... > to make sure a particular user account is a member of the ... > administrators group on certain remote machines and I am hoping I can ... > use a script to do that. ... WScript.Echo "Could not ping the computer" ... (microsoft.public.windowsxp.wmi) Re: LDAP: automatical creation of user home directories? ... must be done during the step of creating the LDAP user account. ... before) a user is validated a script will check if the home directory ... progrm (script or perl or c) will create the users home directory. ... linking should be nessessary to pam because it is not using pam. ... (comp.unix.aix) Re: Im new to scripting a I working on a project that I need some help with. ... After that the script ... >> that the user account is not valid. ... > it to the Administrators group: ... If the user does not have it, maybe a RunAs solution ... (microsoft.public.scripting.vbscript) Re: Memory consumption PowerShell ... The mechanism of the Identity Management system (it is Novell Identity ... And we could initiate to run a script oout side the IDN 3.0. ... is the case we want to do, if a new user account was created. ... memory. ... (microsoft.public.windows.server.scripting) Re: Create New User and Home Directory ... Compile error: Invalid Inside Procedure ... The script can be modified to create home directories for existing users. ... program that modifies profilePath for users linked here: ... The script assigns values for home directory, ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Newsgroups  > comp.unix.solaris  > 2003-05