'su' and 'rlogin' wierdness under 2.6 ...

'su' and 'rlogin' wierdness under 2.6 ...

Post by Thomas Leitne » Mon, 05 Jan 1998 04:00:00



Hi,

We experience the following weirdness under 2.6:

1.) 'su' from a non-root user to root does not work, even though the
    non-root user is added to the root group in /etc/group file
    like this:

    root::0:root,testuser

    where "testuser" is the username from which we try to su to root.

2.) 'rlogin' does not work as it used before. Now, when a non-root user
    tries to rlogin, he gets:

    rcmd:  socket: Permission denied

    immediately.

Any clue for me anyone?

Thanks -- Tom

P.S. This is the current /etc/pam.conf:


#                                                                              
# PAM configuration                                                            
#                                                                              
# Authentication management                                                    
#                                                                              
login   auth required   /usr/lib/security/pam_unix.so.1                        
login   auth required   /usr/lib/security/pam_dial_auth.so.1                    
#                                                                              
rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1                  
rlogin  auth required   /usr/lib/security/pam_unix.so.1                        
#                                                                              
dtlogin auth required   /usr/lib/security/pam_unix.so.1                        
#                                                                              
rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1                  
other   auth required   /usr/lib/security/pam_unix.so.1                        
#                                                                              
# Account management                                                            
#                                                                              
login   account required        /usr/lib/security/pam_unix.so.1                
dtlogin account required        /usr/lib/security/pam_unix.so.1                
#                                                                              
other   account required        /usr/lib/security/pam_unix.so.1                
#                                                                              
# Session management                                                            
#                                                                              
other   session required        /usr/lib/security/pam_unix.so.1                
#                                                                              
# Password management                                                          
#                                                                              
other   password required       /usr/lib/security/pam_unix.so.1                
#

--
--------------------------------------------------------------------------
T o m   L e i t n e r                       Dept. of Communications
                                            Graz University of Technology,

Phone     : +43-316-873-7455                A-8010 Graz / Austria / Europe
Fax       : +43-316-463-697
Home page : http://wiis.tu-graz.ac.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send

--------------------------------------------------------------------------
    Before we have the paperless office, we have the paperless toilet!

 
 
 

'su' and 'rlogin' wierdness under 2.6 ...

Post by Casper H.S. Dik - Network Security Engine » Mon, 05 Jan 1998 04:00:00


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]


>1.) 'su' from a non-root user to root does not work, even though the
>    non-root user is added to the root group in /etc/group file
>    like this:
>    root::0:root,testuser
>    where "testuser" is the username from which we try to su to root.

No need to be in the root group.  But is /sbin/su mode 4755 and owned
by root?

Quote:>2.) 'rlogin' does not work as it used before. Now, when a non-root user
>    tries to rlogin, he gets:
>    rcmd:  socket: Permission denied

Chmod 4755 /usr/bin/rlogin; chown root /usr/bin/rlogin.

(and make sure /usr isn't mounted "nosuid".

Quote:>rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1                  

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.