SuSE Support Database

Title: Logging in as root remotely

---

Mainpage ---- Searchform ---- History ---- Versions ---- Categories ---- Contents
Deutsch
---

Logging in as root remotely

Applies to

SuSE Linux: Versions since 4.2

Symptom

It is impossible for root to login via telnet or a serial terminal. tar to a remote device ("distant machine") doesn't work.

Cause:

This feature is disabled for security reasons. See below ...

Solution :

If you really want to or have to enable that feature, put a comment sign in front of the line

CONSOLE	tty1:tty2:tty3:tty4:tty5:tty6:tty7:tty8
in the file /etc/login.defs. It should then look like
#CONSOLE tty1:tty2:tty3:tty4:tty5:tty6:tty7:tty8
Further information can also be found in the corresponding man-page : man login.defs .

So what's with rlogin and rsh?

Also tar is affected by the above restriction, if you want to store a backup on a distant host as user root (e.g. sun:/dev/rmt0). In this case rsh is being used in order to start /etc/rmt on the remote host.

See also man 8 rshd :

    8. Rshd then validates the user using ruserok(3),  which uses the file
       /etc/hosts.equiv and the .rhosts file found in the user's home di­
       rectory. The -l option prevents ruserok(3) from doing any validation
       based on the user's ``.rhosts'' file (unless the user is the supe­
       ruser and the -h option is used.) If the -h option is not used, su­
       peruser accounts may not be accessed via this service at all.

So everything should work o.k. if rshd gets started with the command line option -h (see also /etc/inetd.conf : in.rshd). The same rule applies to rlogind:

    rlogind [-ahlLn]
    
    -h      Permit use of superuser ``.rhosts'' files.

By the way, in the case of tar, the backup (including the transfer via the network) doesn't need to be done by root. If a user has sufficient permissions to write to the backup device, he can do so with user@sonne:/dev/rmt0.

---

See also:

---

Keywords: ROOT, LOGIN, TELNET, RLOGIN, TERMINAL, RSH, TAR, BACKUP

---

Categories: Security

---

Mainpage ---- Searchform ---- History ---- Versions ---- Categories ---- Contents
Deutsch
---

SDB-rootlogin, Copyright SuSE GmbH, Nuremberg, Germany - Version: 17. Sep 1997
Impressum - Last generated: 24. Feb 1999 15:22:36 by maddin with sdb_gen 1.00.0