Very Computer

Does anyone know how to disable .rhosts files with fully disabling
rsh/rlogin.

i was able to diable .rhosts but rsh/rlogin also failed to work.
any suggestions would be welcome.

thanks

--

Quote:>-------------------------------------------------------------------<

Install W.Z. Venema's tcp_wrappers & logdaemon packages.
You then have r*d daemons that ignore ~/.rhosts files.

: Does anyone know how to disable .rhosts files with fully disabling
: rsh/rlogin.

: i was able to diable .rhosts but rsh/rlogin also failed to work.
: any suggestions would be welcome.

: thanks

you could place an empty root-owned, chmod 600 file called .rhosts in
each user's home directory. that way, there would already be a .rhosts
file there that the user could not edit or remove.

( =--
 Ben                               |     :Speed:

 http://www.veryComputer.com/~brunning | .FlyingSaucers.
 - How to*with a Macintosh: www.machacks.com -
                                                --= )

[oversteer]/export/home/carl{1} : mkdir foo
[oversteer]/export/home/carl{2} : cd foo
[oversteer]/export/home/carl/foo{3} : l
total 6
drwx------   2 carl     staff        512 Jan 15 17:26 .
drwx------  23 carl     other       1536 Jan 15 17:26 ..
[oversteer]/export/home/carl/foo{4} : su
Password:
# touch .rhosts
# exit
[oversteer]/export/home/carl/foo{5} : l
total 6
drwx------   2 carl     staff        512 Jan 15 17:27 .
drwx------  23 carl     other       1536 Jan 15 17:26 ..
-rw-------   1 root     other          0 Jan 15 17:27 .rhosts
[oversteer]/export/home/carl/foo{6} : rm .rhosts
rm: .rhosts: override protection 600 (yes/no)? y
[oversteer]/export/home/carl/foo{7} : l
total 6
drwx------   2 carl     staff        512 Jan 15 17:27 .
drwx------  23 carl     other       1536 Jan 15 17:26 ..
[oversteer]/export/home/carl/foo{8} :                    

Remember, root may own the file, but the user owns the directory
listing (file), and can do what they want to it. Read those
basic UNIX books again :) (and test anything before you claim it's
a solution, it's a bummer to be wrong in public :) )

To deal with .rhosts, you need to hack the code for it.  Under SunOS,
it wasn't too hard to make Berkeley r**** compile, and of course,
change its behaviour accordingly.  It's probably possible to
compile it under Solaris 2, but I imagine it's a bit harder :)

Does PAM offer a less-fun solution?

[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

--
"Is that all?" asked Alice.
"That is all." said Humpty Dumpty. "Goodbye." -- Lewis Carrol
-----
Bruno Raoult - sysadmin      |  These opinions are my own. They do

phone:+33 (1) 42 13 45 19    |  my employer, Societe Generale.

su -
cd /user/dir
rm .rhosts
mkdir .rhosts
chmod 700 .rhosts

Let's see the user get rid of that one.
--
Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS

Quote:

>su -
>cd /user/dir
>rm .rhosts
>mkdir .rhosts
>chmod 700 .rhosts

>Let's see the user get rid of that one.

--
We can pretend O' is an inertial frame by
introducing these fictitious forces <(.)>

if you put a root owned file in there then the rmdir will fail, but the
user can still move it out of the way.

The user has control of their home directory, and will be able to
manipulate files placed there. Still, at least it prevents completely
clueless idiots from creating a .rhosts file.

--
-Peter Tribble
HGMP Computing Services
http://www.hgmp.mrc.ac.uk/~ptribble/

Oh well.
--
Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS

[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]

You need to touch .rhosts/somefile too but then they can still rename
it.

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

--
"Is that all?" asked Alice.
"That is all." said Humpty Dumpty. "Goodbye." -- Lewis Carrol
-----
Bruno Raoult - sysadmin      |  These opinions are my own. They do

phone:+33 (1) 42 13 45 19    |  my employer, Societe Generale.

-----BEGIN PGP SIGNED MESSAGE-----

Quote:> su -
> cd /user/dir
> rm .rhosts
> mkdir .rhosts
> chmod 700 .rhosts

> Let's see the user get rid of that one.

ian

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQB1AwUBNL4IH8oy0yij3IvtAQEsmwMA2y96sIbS7DdiysahIo0qZQs+Ph1ieS0d
pdosohcxNJpzQ5+99G1Jg1x4ZGNqbNSvWuwWUTmJ+RoDStMWxZIFXBGFSPCb5ZKZ
f8ItW4Fu/JYgqnLXHKFKE1BkpRjje10q
=vQYs
-----END PGP SIGNATURE-----

:-->>

:-->>
:-->> : Does anyone know how to disable .rhosts files with fully disabling
:-->> : rsh/rlogin.
:-->>
:-->> : i was able to diable .rhosts but rsh/rlogin also failed to work.
:-->> : any suggestions would be welcome.
:-->>
:-->> : thanks
:-->>

:-->>
:-->> you could place an empty root-owned, chmod 600 file called .rhosts in
:-->> each user's home directory. that way, there would already be a .rhosts
:-->> file there that the user could not edit or remove.

:-->Except that you can delete it as an ordinary user

:-->[oversteer]/export/home/carl{1} : mkdir foo
:-->[oversteer]/export/home/carl{2} : cd foo
:-->[oversteer]/export/home/carl/foo{3} : l
:-->total 6
:-->drwx------   2 carl     staff        512 Jan 15 17:26 .
:-->drwx------  23 carl     other       1536 Jan 15 17:26 ..
:-->[oversteer]/export/home/carl/foo{4} : su
:-->Password:
:--># touch .rhosts
:--># exit
:-->[oversteer]/export/home/carl/foo{5} : l
:-->total 6
:-->drwx------   2 carl     staff        512 Jan 15 17:27 .
:-->drwx------  23 carl     other       1536 Jan 15 17:26 ..
:-->-rw-------   1 root     other          0 Jan 15 17:27 .rhosts
:-->[oversteer]/export/home/carl/foo{6} : rm .rhosts
:-->rm: .rhosts: override protection 600 (yes/no)? y
:-->[oversteer]/export/home/carl/foo{7} : l
:-->total 6
:-->drwx------   2 carl     staff        512 Jan 15 17:27 .
:-->drwx------  23 carl     other       1536 Jan 15 17:26 ..
:-->[oversteer]/export/home/carl/foo{8} :                    

:-->Remember, root may own the file, but the user owns the directory
:-->listing (file), and can do what they want to it. Read those
:-->basic UNIX books again :) (and test anything before you claim it's
:-->a solution, it's a bummer to be wrong in public :) )

Ok, how about this:

01/15/1998{288}/home/foo/9:23:su
Password:
# mkdir .rhoststest [I didn't want to wipe out my .rhosts]
# touch .rhoststest/.rhosts
# ls -ld .rhoststest .rhoststest/.rhosts
drwx------   2 root     other        512 Jan 15 09:24 .rhoststest
-rw-------   1 root     other          0 Jan 15 09:24 .rhoststest/.rhosts
# exit
01/15/1998{289}/home/foo/9:24:rmdir .rhoststest
rmdir: directory ".rhoststest": Directory not empty
01/15/1998{290}/home/foo/9:24:cd .rhoststest
.rhoststest: Permission denied.
01/15/1998{291}/home/foo/9:24:rm .rhoststest/.rhosts
.rhoststest/.rhosts: Permission denied
[wait, what about rm -rf?]
01/15/1998{292}/home/foo/9:24:rm -rf .rhoststest
rm: cannot read directory .rhoststest: Permission denied
01/15/1998{293}/home/foo/9:27:rm -rf .rhoststest/.rhosts
01/15/1998{294}/home/foo/9:34:rmdir .rhoststest
rmdir: directory ".rhoststest": Directory not empty
01/15/1998{295}/home/foo/9:35:su
Password:
# cd .rhoststest
# ls -a
.        ..       .rhosts

:-->To deal with .rhosts, you need to hack the code for it.  Under SunOS,
:-->it wasn't too hard to make Berkeley r**** compile, and of course,
:-->change its behaviour accordingly.  It's probably possible to
:-->compile it under Solaris 2, but I imagine it's a bit harder :)

:-->Does PAM offer a less-fun solution?
--
no signature file