[HPADM] RE: -SUMMARY- root login with remsh and securetty
From: Naylor, Jim (Jnaylor_at_Schnucks.com)
Date: 01/05/05
To: "Hpux-Admin@Dutchworks. Nl (E-mail)" <hpux-admin@dutchworks.nl>
Date: Wed, 5 Jan 2005 14:49:19 -0600
Thanks to all for the responses. Original question at bottom. Most agreed
that you just need to put an entry in root's .rhosts file as follows:

    mainframe_name mainframe_user_name

This seems to work fine. I was under the assumption that this would not work
because of the securetty but that is not the case.

As pointed out by Eef Hartman:

remsh (but NOT rlogin) is restricted by the root user's ".rhosts", not by
/etc/securetty (that is for INTERactive shells only!).
So if you put into the root .rhosts file JUST the single line
    <mainframe.domain> root
then THAT machine can use "remsh" and "rcp", but still NO rlogin.

Rather than:
    <mainframe.domain> root
I did:
    <mainframe.domain> mainframe_user_name

Thanks Again,
-----Original Message-----
From: Naylor, Jim
Sent: Tuesday, January 04, 2005 1:31 PM
To: Hpux-Admin@Dutchworks. Nl (E-mail)
Subject: [HPADM] root login with remsh and securetty
Hello All,
I have been searching the archive but cannot seem to find an answer. We are
running HP-UX 11.0 and have in the file /etc/securetty one entry
"console". As you all know this is to restrict direct root login to the
console only. What I need to be able to do is allow a remsh from our
mainframe as root but from nowhere else. We are trying to use our mainframe
as a job scheduler which is quite effective as long as none of the jobs
require root to run them. We have a half dozen jobs that do require root to
run them. I was hoping there was an option in securetty or some other method
to specify a single remote system to login as root and still maintain
restrictions from any other. Unfortunately I have not been able to find a
way to do this, thus I post the question to the list. Is this possible?
Thanks,
Jim Naylor
Unix/Storage Systems Administrator
Schnuck Markets, Inc.
Direct (314) 994-4784
Cell (314) 691-0186
Fax (314) 994-4684
E-Mail jnaylor@schnucks.com
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact
majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner:
owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse
only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse &
search)
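
A defensive check for the setup summarized above, added here as an example and not part of the original thread: a POSIX shell function that verifies root's .rhosts holds only the one expected host/user pair, is accessible by its owner only, and contains no `+` wildcards. The function name `audit_rhosts`, its output labels, the owner-only permission policy and the sample host `mainframe.example.com` are assumptions.

```shell
#!/bin/sh
# audit_rhosts FILE HOST USER  (hypothetical helper, not from the thread)
# Prints one finding per line. Returns 0 when FILE holds exactly the
# expected "HOST USER" entry and nothing else, 1 on findings, 2 if missing.
# Assumed policy: owner-only permissions, no "+" wildcards, no other entries.
audit_rhosts() {
    file=$1; want_host=$2; want_user=$3
    bad=0; seen=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    # First 10 characters of ls -l are the type and permission bits.
    mode=$(ls -ld "$file" | cut -c1-10)
    case $mode in
        -??-------) ;;                      # regular file, owner read/write only
        *) echo "PERMS $mode (want owner-only, e.g. -rw-------)"; bad=1 ;;
    esac
    # The "|| [ -n ]" part keeps a final line that lacks a newline.
    while read -r host user rest || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac      # blank lines, comments
        case "$host $user" in
            +*|*' +'*) echo "WILDCARD $host $user"; bad=1; continue ;;
        esac
        if [ "$host" = "$want_host" ] && [ "$user" = "$want_user" ] \
           && [ -z "$rest" ]; then
            seen=1
        else
            # A host with no user field trusts the same-named remote user,
            # which in root's .rhosts means remote root.
            echo "UNEXPECTED $host ${user:-<same-name user>}"; bad=1
        fi
    done < "$file"
    [ "$seen" -eq 1 ] || { echo "ABSENT $want_host $want_user"; bad=1; }
    return "$bad"
}

# Constructed sample: the entry from the post plus two lines that should
# be flagged (a "+ +" wildcard and a host-only entry).
demo=${TMPDIR:-/tmp}/rhosts.demo.$$
printf '%s\n' '# root .rhosts' \
    'mainframe.example.com mainframe_user_name' '+ +' 'otherhost' > "$demo"
chmod 600 "$demo"
audit_rhosts "$demo" mainframe.example.com mainframe_user_name \
    || echo "audit reported findings"
rm -f "$demo"
```

Run it against the real file as `audit_rhosts /.rhosts <mainframe.domain> mainframe_user_name`, adjusting the path to root's home directory on the system in question.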