Quote:> I have got two computers set aside for Linux that I can't run
> because the Red Hat Linux security "features" are putting me
> off -- literaly taking the pleasure out of using them. Previously
> I had same running some old version of Slackware. Admitedly,
> I'm not a frequent Linux user so some of what follows may be
> a reflection of my inexperience. Here's some of the stuff that
> I can't do since downgrading to Red Hat :
RedHat has decided to follow the commercial industry and try to make their
systems semi-secure at least. What you consider to be "taking the pleasure
out of using them", we in the professional industry consider to be the best
hope for linux to gain commercial acceptance and have a future.
Quote:> 1) Can't telnet from my NeXT machine to any of the said Red Hat
> Linux machines and log in as root.
This is a security feature. Telnet in as a normal user, and then su.
consider, if you can telnet in as root, so can anyone else. At this point,
they only need to break your root password to have complete access to your
system. If they first have to become a user, they have to know the user
name (not too difficult if you send mail or post news from it), figure out
that user's password, and then figure out root's password.
Quote:> 2) Can't reboot any of these machines by typing shutdown -r now
> from a telnet session - I try to this after logging in as
> a normal user and su root because of item 1) above.
> I have to physically walk into my computer room and
> use a local keyboard.
Why can't you? I'll admit, I haven't tried this myself on my linux box.
This is fairly standard practice. What exactly happens?
Quote:> 3) Can't actually execute any program from my local
> directory without first sticking a "./" in front of it.
This is a major security feature. You can easily fix it by placing "." in
your PATH variable. However, I really suggest you don't do this. Imagine
what happens if you put "." in your PATH, and I put a script somewhere
called "mroe" that defeats your security. For example:
echo "me myhost.com" >> $HOME/.rhosts
echo "mroe: Command not found."
Guess what, I can now compromise your security without you ever knowing it.
Quote:> 4) Can't get NFS to work properly. I can't write to the
> darn Red Hat Linux machine designated as my file server.
> ( Reads ok though .) The flags in the exports file are
> "insecure" and "all_squash."
Sounds to me like you're either trying to write as root and haven't set up
the exports correctly, or the server doesn't know about the client.
Quote:> yet if anyone can point to a guide that describes getting rid of
> all this security nonsense that I don't need. )
You're exactly the type that *does* need this security. You don't know any
better, and leave yourself open for any cracker to come in to your
systems. I think you should leave the security in place and learn to live
with the slight inconvenience. At least until you've used it long enough
for them to no longer bother you.
Stephen P Potter Pencom Systems Administration Chrysler, Detroit
Check out <A HREF="http://www.perl.org/">The Perl Institute</A>