Bay Networks 6300 Supplement Manual page 362

Chapter 15 Using RA 6300 Security
Remote Annex 6300 Supplement to the Remote Annex Administrator's Guide for UNIX
A-334
To disable the CLI who and su commands for all users that enter the
system through ACP security, modify the definition line to read:
#define CLI_MASK (unsigned long) (MASK_WHO | MASK_SU)
You can extend this to any set of commands by adding masks to that line
separated by the vertical bar (|).
If the user enters the masked command, the CLI displays an error
message. The superuser CLI commands cannot be masked individually.
They can all be disabled by masking the su command.
Superuser CLI mode overrides ACP command masking.
You can disable several other CLI commands in the same way:
/* define bit to disable each maskable CLI command*/
#define MASK_BG
#define MASK_CALL
#define MASK_FG
#define MASK_HANGUP
#define MASK_HELP
#define MASK_HOSTS
#define MASK_JOBS
#define MASK_KILL
#define MASK_NETSTAT 0x00000100
#define MASK_RLOGIN
#define MASK_STATS
#define MASK_STTY
#define MASK_TELNET
#define MASK_WHO
#define MASK_LOCK
#define MASK_SU
#define MASK_SLIP
#define MASK_CONNECT 0x00020000
#define MASK_SERVICES 0x00040000
(continued on next page)
0x00000001
0x00000002
0x00000004
0x00000008
0x00000010
0x00000020
0x00000040
0x00000080
0x00000200
0x00000400
0x00000800
0x00001000
0x00002000
0x00004000
0x00008000
0x00010000
Book A