Mike wrote:
>
> Hi
>
> My understanding is that if a user is added using the normal tools,
> adduser or gui eqv., then each user, without exception, assuming empty
> hosts.allow/deny files, should have access via telnet and ftp.

Correct. With nothing in /etc/hosts.allow or /etc/hosts.deny, a listening telnet/ftp daemon and a user account are all that's needed to connect.

> Network packages
>
> I believe, and I should verify, all computers are using 'netkit'. Are
> there others that perform the equivalent for linux os?

The three Linux distributions that you mention have varying packages that you'll need to provide telnet and FTP. Under Mandrake, you'll need beroftp, telnet, and telnet-server. Under Red Hat, wuftpd and telnet. It's been a while since I looked at packaging under Caldera, but the names are probably similar.

Overall, though, after you get done installing, you'll want to verify that /usr/sbin/in.telnetd and /usr/sbin/in.ftpd (I think) exist.

> Files associated with tcp wrappers that control access
>
> /etc/services
> /etc/inetd.conf
> /etc/hosts.allow
> /etc/hosts.deny
> /etc/ftpaccess

/etc/services is ONLY a name->address mapper. /etc/inetd.conf isn't strictly part of TCP wrappers, but defines the currently active daemons that inetd will hand incoming processes off to. If /etc/inetd.conf is set up to start TCP wrappers for a specific daemon, then /etc/hosts.allow and /etc/hosts.deny are consulted before a full login is allowed. /etc/ftpaccess is a configuration file for the FTP daemon, but doesn't really have anything to do with TCP wrappers (again, unless you specify TCP wrapper use in /etc/inetd.conf for that daemon).

> When any of these files are altered, which commands and their sequence
> should be applied to stop and restart inetd in order to have
> changes take effect?

For alteration of services, inetd.conf, hosts.allow, and hosts.deny, you should send a HUP signal to inetd. Use either 'killall -HUP inetd' or '/etc/rc.d/init.d/inet restart'. Both accomplish the same thing.

For ftpaccess, changes there should be recognized on the next login attempt. At least I've never noticed a change where I had to restart inetd for it.

> are there user files associated that could restrict a user's access?

Yes, you can set up time/day blocking, remote domain blocking, etc. from the files in /etc/security. They seem to be pretty well documented.

> Processes
>
> I saw from various messages that running ps would show all processes
> being used. On my platforms I used ps -e. (I only state this in this
> manner to help others who may come across this string of messages. So,
> please bear with a new administrator.)
>
> the mandrake box shows when ps -e command is used that tty1&2 are tied
> to login.
>
> whereas caldera box shows tty1&2 are tied to getty. No login command
> associated with process, is this an indication that some process that I
> need to have running isn't?

Nope, just a difference in opinion on what programs they run to allow logins. Mandrake (and Red Hat) use mingetty. Caldera uses something called cgetty (can't say I've ever heard of it before).

> I'm a little tired and may be running a little long on the keys here. I
> would appreciate a response to my questions so far. Let me experiment
> and learn. Then I will probably have more questions.

Heh, you're doing fine. And those are really interesting questions that you've asked. I'm going to look into the user restrictions myself, they look useful.

-- 
Steve Philp
Network Administrator
Advance Packaging Corporation
[EMAIL PROTECTED]
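
Added example, not part of the original message: a small audit of an inetd.conf that lists each active service and whether inetd starts it through tcpd, which is the case in which /etc/hosts.allow and /etc/hosts.deny are consulted as described above. The sample file contents, the /usr/sbin/tcpd path and the daemon flags are constructed for illustration.

```python
"""Audit an inetd.conf: which active services are started through tcpd?"""
import os

# Constructed sample; paths and flags are illustrative, not from the thread.
SAMPLE_INETD_CONF = """\
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd        in.rshd
time    stream  tcp  nowait  root  internal
"""


def audit_inetd(text):
    """Return a list of (service, daemon, wrapped) for every active entry."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: the service is not active
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed entry, skipped by this audit
        service, server_path, args = fields[0], fields[5], fields[6:]
        wrapped = os.path.basename(server_path) == "tcpd"
        # Under tcpd the first argument names the real daemon; that name is
        # what the daemon list in hosts.allow/hosts.deny is matched against.
        if wrapped and args:
            daemon = args[0]
        else:
            daemon = os.path.basename(server_path)
        results.append((service, daemon, wrapped))
    return results


def unwrapped_services(text):
    """Active, non-internal services that inetd starts without tcpd."""
    return [s for s, d, w in audit_inetd(text) if not w and d != "internal"]


if __name__ == "__main__":
    for service, daemon, wrapped in audit_inetd(SAMPLE_INETD_CONF):
        note = "hosts.allow/hosts.deny consulted" if wrapped else "no tcpd in inetd.conf"
        print(f"{service:8} {daemon:12} {note}")
```

After editing the real file, inetd still needs the HUP signal mentioned above before the change is active.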
