Mainpage
Searchform
History
Versions
Categories
Contents
Deutsch
SuSE Linux: Versions since 4.2
It is impossible for root
to login via telnet
or a serial terminal. tar
to a remote device ("distant machine") doesn't work.
This feature is disabled for security reasons. See below ...
If you really want to or have to enable that feature, put a comment sign in front of the line
CONSOLE tty1:tty2:tty3:tty4:tty5:tty6:tty7:tty8in the file
/etc/login.defs
. It should then look like
#CONSOLE tty1:tty2:tty3:tty4:tty5:tty6:tty7:tty8Further information can also be found in the corresponding man-page :
man login.defs
.
rlogin
and rsh
?
Also tar
is affected by the above restriction, if you want to store a backup on a distant host
as user root
(e.g. sun:/dev/rmt0
). In this case rsh
is being used in
order to start /etc/rmt
on the remote host.
See also man 8 rshd
:
8. Rshd then validates the user using ruserok(3), which uses the file /etc/hosts.equiv and the .rhosts file found in the user's home di rectory. The -l option prevents ruserok(3) from doing any validation based on the user's ``.rhosts'' file (unless the user is the supe ruser and the -h option is used.) If the -h option is not used, su peruser accounts may not be accessed via this service at all.
So everything should work o.k. if rshd
gets started with the command line option -h
(see also /etc/inetd.conf
: in.rshd
). The same rule applies to rlogind
:
rlogind [-ahlLn] -h Permit use of superuser ``.rhosts'' files.
By the way, in the case of tar
, the backup (including the transfer via the network) doesn't need to be done by root.
If a user has sufficient permissions to write to the backup device, he can do so with user@sonne:/dev/rmt0
.
See also:
Keywords: ROOT, LOGIN, TELNET, RLOGIN, TERMINAL, RSH, TAR, BACKUP
Categories:
Security
Mainpage
Searchform
History
Versions
Categories
Contents
Deutsch