"The Linux Gazette...making Linux just a little more fun!"


(?) The Answer Guy (!)


By James T. Dennis, answerguy@ssc.com
Starshine Technical Services, http://www.starshine.org/


(?) 'rsh' as 'root' Denied

From Walt Smith on Thu, 24 Dec 1998

(?) hi,

I can run a program using rsh as 'user' on the same pc. i.e. rsh pcname ls (or thereabouts) It won't run as 'root'.

There is one file that is supposed to be used as a config if running as root. It makes no difference. Do I need to recompile rsh wil a particular option?

(!) You probably won't need to recompile it.
The most common version of 'in.rshd' that's included with Linux will allow you to invoke it with the -h option (added to the appropriate line in the target system's /etc/inetd.conf file) to over-ride this restriction. If you're using Red Hat with PAM then you'll have to consider reconfiguring the appropriate file under /etc/pam.d/ to remove the option that prevent root access therein (I don't have that configuration file handy since I'm not using PAM on any of my boxes at home, at this point).
All of this is in the man pages (in.rshd for the daemon).
I'll go on record to recommand that you ban 'rsh' and 'rlogin' from your networks completely --- using 'ssh' instead. Later, when we have ubiquitous deployment of IPSec (transport layer security for TCP/IP) and Secure DNS (the ability to digitally sign and authenticate hostname/IP records) it may be acceptable to re-introduce these protocols.... maybe.

(?) regards,

Walt...in Baltimore respond to XXXXXXX@bcplXXXXXX

(!) Did you ever program in BCPL?


Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 36 January 1999


[ Answer Guy Index ] a b c 1 2 3 4 5 6 7 9 10 11 12
15 16 18 19 20 21 22 23 24 25 26 27 28
29 31 32 33 34 35 36 37 38 39 40 41 42 44
45 46 47 48 49 50 51 52 53 54 55 56 57 60 61 62 63 64 65 66
67 69 72 76 77 78 79 80 81 82 84 85 86 87 91 94 95 96 97 98


[ Table Of Contents ] [ Front Page ] [ Previous Section ] [ Next Section ]