Can't rcp etc as root, but can as other users


I can't rcp, or rsh, from one (Solaris 9) server to another as root, but can 
as another user.  No doubt the reason is trivial, but it's eluding me!
Any suggestions gratefully received.

thanks
Neil

# whoami
# uname -a
SunOS server1 5.9 Generic_117171-09 sun4u sparc SUNW,Sun-Fire-V440

# rcp V7INST1 server2:/tmp
permission denied
# rsh server2 ls -l /tmp
permission denied

# su - informix
Sun Microsystems Inc.   SunOS 5.9       Generic May 2002

$ cd /opt/informix
# rcp V7INST1 server2:/tmp
$ $ rsh server2 ls -l /tmp
total 16
-rw-r--r--   1 informix informix     301 Oct  1 11:48 V7INST1
$ 


Reply Neil 10/1/2004 11:00:03 AM

2004-10-1, 12:00(+01), Neil Truby:
> I can't rcp, or rsh, from one (Solaris 9) server to another as root, but can 
> as another user.  No doubt the reason is trivial, but it's eluding me!
> Any suggestions gratefully received.
[...]

From hosts.equiv man page:

M| Search Sequence
M|    To help maintain system security, the /etc/hosts.equiv  file
M|    is  not  checked  when  access is being attempted for super-
M|    user.

For root, you need to update /.rhosts

-- 
Stephane

Reply Stephane 10/1/2004 11:20:58 AM
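
The answer above turns on which trust files rshd consults. As an added example (not part of the original posts), here is a defender-side audit that flags wildcard entries in rhosts-style files and treats every entry in root's `/.rhosts` as a finding; the function name, the `AWK` variable and the comment-line handling are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: flag risky lines in rhosts-style trust
# files. Entry format is "host [user]"; "+" in either field is a wildcard.
# Treating "#" lines as comments is an assumption of this sketch.
# On Solaris 9, set AWK=nawk (the old /usr/bin/awk has no -v option).
AWK=${AWK:-awk}

# audit_trust_file FILE [root]
# Prints "file:line: finding" per risky entry; returns 1 if any were found.
# With "root" as second argument (for /.rhosts) every entry is a finding,
# because each one lets that remote account become root without a password.
audit_trust_file() {
    file=$1
    who=${2:-user}
    [ -f "$file" ] || return 0
    "$AWK" -v f="$file" -v who="$who" '
        NF == 0 || $1 ~ /^#/   { next }
                               { msg = "" }
        $1 == "+" && $2 == "+" { msg = "any user from any host is trusted" }
        $1 == "+" && $2 != "+" { msg = "any host is trusted" }
        $1 != "+" && $2 == "+" { msg = "any user on " $1 " is trusted" }
        msg == "" && who == "root" { msg = "passwordless root for: " $0 }
        msg != ""              { print f ":" NR ": " msg; bad = 1 }
        END                    { exit bad + 0 }
    ' "$file"
}

# Typical run on a host (paths as discussed in the thread):
#   audit_trust_file /etc/hosts.equiv
#   audit_trust_file /.rhosts root
```
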


"Stephane CHAZELAS" <this.address@is.invalid> wrote in message 
news:slrnclqfcq.15g.stephane.chazelas@spam.is.invalid...
> 2004-10-1, 12:00(+01), Neil Truby:
>> I can't rcp, or rsh, from one (Solaris 9) server to another as root, but 
>> can
>> as another user.  No doubt the reason is trivial, but it's eluding me!
>> Any suggestions gratefully received.
> [...]
>
> From hosts.equiv man page:
>
> M| Search Sequence
> M|    To help maintain system security, the /etc/hosts.equiv  file
> M|    is  not  checked  when  access is being attempted for super-
> M|    user.
>
> For root, you need to update /.rhosts
>
> -- 
> Stephane

Spot on, thank you. 


Reply Neil 10/1/2004 11:30:07 AM

Neil Truby wrote:

> "Stephane CHAZELAS" <this.address@is.invalid> wrote in message
> news:slrnclqfcq.15g.stephane.chazelas@spam.is.invalid...
>> 2004-10-1, 12:00(+01), Neil Truby:
>>> I can't rcp, or rsh, from one (Solaris 9) server to another as root, but
>>> can
>>> as another user.  No doubt the reason is trivial, but it's eluding me!
>>> Any suggestions gratefully received.
>> [...]
>>
>> From hosts.equiv man page:
>>
>> M| Search Sequence
>> M|    To help maintain system security, the /etc/hosts.equiv  file
>> M|    is  not  checked  when  access is being attempted for super-
>> M|    user.
>>
>> For root, you need to update /.rhosts
>>
>> --
>> Stephane
> 
> Spot on, thank you.

And another satisfied user is shown how to bypass the safeguards
so he can shoot himself in the foot...
-- 
             Christopher Mattern

"Which one you figure tracked us?"
"The ugly one, sir."
"...Could you be more specific?"
Reply Chris 10/1/2004 2:25:33 PM

"Chris Mattern" <matternc@comcast.net> wrote in message 
news:JKidncuku_5A9cDcRVn-hw@comcast.com...
> Neil Truby wrote:
>
>> "Stephane CHAZELAS" <this.address@is.invalid> wrote in message
>> news:slrnclqfcq.15g.stephane.chazelas@spam.is.invalid...
>>> 2004-10-1, 12:00(+01), Neil Truby:
>>>> I can't rcp, or rsh, from one (Solaris 9) server to another as root, 
>>>> but
>>>> can
>>>> as another user.  No doubt the reason is trivial, but it's eluding me!
>>>> Any suggestions gratefully received.
>>> [...]
>>>
>>> From hosts.equiv man page:
>>>
>>> M| Search Sequence
>>> M|    To help maintain system security, the /etc/hosts.equiv  file
>>> M|    is  not  checked  when  access is being attempted for super-
>>> M|    user.
>>>
>>> For root, you need to update /.rhosts
>>>
>>> --
>>> Stephane
>>
>> Spot on, thank you.
>
> And another satisfied user is shown how to bypass the safeguards
> so he can shoot himself in the foot...

Well, the actual requirement is to (temporarily) direct ufsbackups to a 
remote server.  The root access is just a means to achieving this.  What 
"safer" alternative would you suggest? 


Reply Neil 10/1/2004 2:28:38 PM

2004-10-01, 10:25(-04), Chris Mattern:
[...]
>>> For root, you need to update /.rhosts
[...]
> And another satisfied user is shown how to bypass the safeguards
> so he can shoot himself in the foot...

Well, ssh not being installed by default on Solaris, it may
prove to be the safest way to log in as root remotely...

-- 
Stephane
Reply Stephane 10/1/2004 2:32:06 PM

In article <slrnclqqj6.1pg.stephane.chazelas@spam.is.invalid>,
 Stephane CHAZELAS <this.address@is.invalid> wrote:

> 2004-10-01, 10:25(-04), Chris Mattern:
> [...]
> >>> For root, you need to update /.rhosts
> [...]
> > And another satisfied user is shown how to bypass the safeguards
> > so he can shoot himself in the foot...
> 
> Well, ssh not being installed by default on Solaris, it may
> prove to be the safest way to log in as root remotely...

Depends on what you mean by "default", and what release you're talking 
about -- on both Solaris 9 and 10, it's in the "End User", "Developer", 
and "Entire Distribution" (also +OEM) installs,  which are the most 
common selections, I'd think.

Cheers,
- jonathan
Reply Jonathan 10/1/2004 3:57:09 PM

2004-10-01, 08:57(-07), Jonathan Adams:
[...]
>> Well, ssh not being installed by default on Solaris, it may
>> prove to be the safest way to log in as root remotely...
>
> Depends on what you mean by "default", and what release you're talking 
> about -- on both Solaris 9 and 10, it's in the "End User", "Developer", 
> and "Entire Distribution" (also +OEM) installs,  which are the most 
> common selections, I'd think.
[...]

Yes, sorry, I checked on a Solaris 8 system; the OP mentioned
Solaris 9.

-- 
Stephane
Reply Stephane 10/1/2004 4:01:08 PM

Neil Truby wrote:

> "Chris Mattern" <matternc@comcast.net> wrote in message
> news:JKidncuku_5A9cDcRVn-hw@comcast.com...
>> Neil Truby wrote:
>>
>>> "Stephane CHAZELAS" <this.address@is.invalid> wrote in message
>>> news:slrnclqfcq.15g.stephane.chazelas@spam.is.invalid...
>>>> 2004-10-1, 12:00(+01), Neil Truby:
>>>>> I can't rcp, or rsh, from one (Solaris 9) server to another as root,
>>>>> but
>>>>> can
>>>>> as another user.  No doubt the reason is trivial, but it's eluding me!
>>>>> Any suggestions gratefully received.
>>>> [...]
>>>>
>>>> From hosts.equiv man page:
>>>>
>>>> M| Search Sequence
>>>> M|    To help maintain system security, the /etc/hosts.equiv  file
>>>> M|    is  not  checked  when  access is being attempted for super-
>>>> M|    user.
>>>>
>>>> For root, you need to update /.rhosts
>>>>
>>>> --
>>>> Stephane
>>>
>>> Spot on, thank you.
>>
>> And another satisfied user is shown how to bypass the safeguards
>> so he can shoot himself in the foot...
> 
> Well, the actual requirement is to (temporarily) direct ufsbackups to a
> remote server.  The root access is just a means to achieving this.  What
> "safer" alternative would you suggest?

"ufsbackups"?  You mean ufsdump?  First off, use ssh/scp; it's in Solaris 9.
If it was me, I'd have ufsdump running as root write to a named pipe readable
only by one non-root user, preferably one created for the purpose.  Then
on the remote server, I'd ssh in as that user to read the pipe and copy the
data onto the remote.  Use Blowfish cipher and compression to get good
performance.  No need for root direct log in, and *much* more secure than
any use of rsh.

-- 
             Christopher Mattern

"Which one you figure tracked us?"
"The ugly one, sir."
"...Could you be more specific?"
Reply Chris 10/1/2004 6:17:10 PM
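
The named-pipe arrangement described in the post above, as an added example that is not part of the original thread. The account name `dumpuser`, the directory `/var/dumpfifo`, the output path and the function names are assumptions; `ufsdump 0f -` writes a level 0 dump to standard output and `ssh -C` enables compression.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed names: dumpuser,
# /var/dumpfifo, server1. Root writes the dump and an unprivileged account
# reads it over ssh, so no remote root login and no /.rhosts entry is needed.

# make_dump_fifo DIR OWNER
# Creates DIR/dump.fifo readable by OWNER only (root can still write to it).
make_dump_fifo() {
    dir=$1
    owner=$2
    mkdir -p "$dir" || return 1
    [ -p "$dir/dump.fifo" ] || mkfifo "$dir/dump.fifo" || return 1
    chown "$owner" "$dir" "$dir/dump.fifo" || return 1
    chmod 500 "$dir" && chmod 400 "$dir/dump.fifo"
}

# dump_to_fifo FILESYSTEM FIFO
# Run as root on the source host. Opening the FIFO for writing blocks until
# the remote reader has opened it, so start this before or after pull_dump.
dump_to_fifo() {
    ufsdump 0f - "$1" > "$2"
}

# pull_dump USER@HOST FIFO OUTFILE
# Run on the backup host as an ordinary user. The Blowfish choice suggested
# in the post would be an extra "-c blowfish-cbc" on ssh builds that still
# offer that cipher; current OpenSSH releases no longer do.
pull_dump() {
    ( umask 077; ssh -C "$1" "cat '$2'" > "$3" )
}

# Source host, as root:
#   make_dump_fifo /var/dumpfifo dumpuser
#   dump_to_fifo /export/home /var/dumpfifo/dump.fifo
# Backup host:
#   pull_dump dumpuser@server1 /var/dumpfifo/dump.fifo /backup/server1.dump
```
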
