- Xref: sparky comp.sys.sgi.admin:326 comp.unix.admin:7269
- Newsgroups: comp.sys.sgi.admin,comp.unix.admin
- Path: sparky!uunet!think.com!yale.edu!news.yale.edu!neutron!dcs
- From: dcs@neutron.chem.yale.edu (Dave Schweisguth)
- Subject: Root permissions puzzle
- Message-ID: <1993Jan28.164345.12166@news.yale.edu>
- Sender: news@news.yale.edu (USENET News System)
- Nntp-Posting-Host: neutron.chem.yale.edu
- Organization: Yale University
- X-Newsreader: TIN [version 1.1 PL8]
- Date: Thu, 28 Jan 1993 16:43:45 GMT
- Lines: 31
-
- Hi all,
-
- I manage a pair of equivalent (in the /etc/hosts.equiv sense) Irises. (All
- the files and accounts I'll mention are identical on both by way of NFS or
- rdist.) I've made a second root account for myself like so
-
- dcs-root:snip:0:0:Dave Schweisguth:/usr/people/dcs:/usr/local/bin/tcsh
-
- so that I can use my personal account with tcsh, aliases, etc. for admin and
- leave the regular root account (with shell=/bin/csh and homedir=/, the SGI
- defaults) as a backup in case NFS dies and I lose tcsh.
-
- This is fine, but if I'm dcs-root on one machine and I rsh to the other, I
- get the original (wrong shell and homedir) root account. If I'm dcs-root and
- I "rsh dcs-root@foo" to the other, I need to provide my password. Either
- way, it's obnoxious.
-
- /etc/hosts.equiv presently contains "localhost" and the two Irises in
- question, and /.rhosts lets in "root" from either machine. Adding "dcs-root"
- to /.rhosts doesn't help. Adding it to my own ~/.rhosts (and chown'ing
- ~/.rhosts to root.sys) makes "rsh dcs-root@foo" work from either machine, but
- also from the other non-trusted machines which I also need in my ~/.rhosts.
-
- Can anyone think of a way to have my access and secure it too?
-
- TIA,
-
- --
- | Dave Schweisguth Yale MB&B & Chemistry Net: dcs@neutron.chem.yale.edu |
- | Lab phone: 203-432-5208 Fax: 203-432-6144 Home phone: 203-624-3866 |
- | For complying with the NJ Right To Know Act: Contents partially unknown. |
-
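An audit for the configuration the post describes, as an added example that is not part of the original post: it lists UID-0 accounts other than `root`, non-root accounts that share their home directory (and so their `~/.rhosts`), and `.rhosts` hosts outside the trusted pair. The separate `dcs` passwd entry, the host names `iris1`, `iris2` and `labpc`, and all file contents are constructed assumptions.

```python
# Constructed sample data: only the dcs-root line comes from the post.
PASSWD = """\
root:snip:0:0:Super-User:/:/bin/csh
dcs-root:snip:0:0:Dave Schweisguth:/usr/people/dcs:/usr/local/bin/tcsh
dcs:snip:1001:20:Dave Schweisguth:/usr/people/dcs:/usr/local/bin/tcsh
guest:snip:998:998:Guest:/usr/people/guest:/bin/csh
"""
RHOSTS = {  # home directory -> assumed .rhosts contents
    "/": "iris1 root\niris2 root\n",
    "/usr/people/dcs": "iris1 root\niris2 root\nlabpc dcs\n",
}
TRUSTED = {"localhost", "iris1", "iris2"}  # stands in for /etc/hosts.equiv

def parse_passwd(text):
    """Return (name, uid, home) for each well-formed passwd line."""
    rows = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[2].isdigit():
            rows.append((f[0], int(f[2]), f[5]))
    return rows

def parse_rhosts(text):
    """Return (host, user-or-None) pairs, skipping blanks and comments."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#"):
            out.append((parts[0], parts[1] if len(parts) > 1 else None))
    return out

def audit(passwd_text, rhosts_by_home, trusted_hosts):
    """List (account, finding, detail) tuples for every UID-0 account."""
    rows = parse_passwd(passwd_text)
    findings = []
    for name, _uid, home in (r for r in rows if r[1] == 0):
        if name != "root":
            findings.append((name, "extra-uid0", home))
        # A non-root account with the same home shares this account's .rhosts.
        sharers = sorted(n for n, u, h in rows if u != 0 and h == home)
        if sharers:
            findings.append((name, "home-shared-with", ",".join(sharers)))
        for host, _user in parse_rhosts(rhosts_by_home.get(home, "")):
            if host not in trusted_hosts:
                findings.append((name, "untrusted-rhosts-host", host))
    return findings

if __name__ == "__main__":
    for finding in audit(PASSWD, RHOSTS, TRUSTED):
        print(*finding)
```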