: On most other Unix systems, one can rsh, even as root, to
: another machine (or even the same machine) with out being asked for
: a password so long as there is a /.rhosts or /root/.rhosts.
For the most part, this is true. We do not want the superuser to be
able to just rsh around. Coming from a large network perspective, we only
want root to be able to rsh from one or two secure hosts.
If you have this "secure-host.your.subnet root" in the root's .rhosts
on the target machine, Try this:
secure-host# rsh target ls
You should be able to rsh and execute just the command (which is what you would
need to do for automated backups and what not).
The impossiblity lies not it in the ruserok exactly, but in /etc/securetty.
Most admins of large networks dont allow the direct rsh'ing in their systems
anyway. The common way to do remote administration is to do something like
secure-host# rsh target "xterm -display YOUR-DISPLAY:0"&
: I know this must be possible, because sometimes this is required
: (doing a backup for example).
For a backup scheme, I would have to recommend the amanda backup system.
It has worked very very well for us here, and the backup user doesn't have
to be root.
Computer Systems Administrator
The University of Tennessee at Knoxville, Department of Mathematics