Very Computer

by **Thomas B Bro** » Tue, 30 May 1995 04:00:00

hi,

how do you allow root to log onto a solaris machine
from somewhere other than the console? i want to
be able to use rsh to do backups to one tape drive.

thanks,

tom

by **Brian Freem** » Wed, 31 May 1995 04:00:00

how do you allow root to log onto a solaris machine
from somewhere other than the console? i want to
be able to use rsh to do backups to one tape drive.

In the file /etc/default/login comment out the CONSOLE line:

# If #CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
#CONSOLE=/dev/console

thanks,

tom

-b

by **Peter Belle** » Wed, 31 May 1995 04:00:00

> how do you allow root to log onto a solaris machine
> from somewhere other than the console? i want to
> be able to use rsh to do backups to one tape drive.
>In the file /etc/default/login comment out the CONSOLE line:

> # If #CONSOLE is set, root can only login on that device.
> # Comment this line out to allow remote login by root.
> #
> #CONSOLE=/dev/console

You'll also need to create a /.rhosts file with the name of the box you
want to use rsh from.

--
Peter Bellen
dept. of Metallurgy and Materials Science - KULeuven

by **Michael Peacoc** » Thu, 01 Jun 1995 04:00:00

Quote:>hi,

>how do you allow root to log onto a solaris machine
>from somewhere other than the console? i want to
>be able to use rsh to do backups to one tape drive.

>thanks,

>tom

If you're using dump or ufsdump, you can create a cron job that calls a backup script
something like the one below:

This script calls dump on the host mudpuppy and dumps to the local exabyte drive:

--- CUT ----
#!/bin/sh
#
# Program: do.backup
# Dumps filesystems from a SunOS4.1.3 box to the local host
# Maintains incremental dump schedule
#
# Should be called in root's crontab:

# To Backup server at 4:00 AM, uncomment the following line
#===============================================================
#0 4 * * * /bin/do.backup >/dev/null
#===============================================================

today=`date | awk '{print $1}'`

# Some Tape Parameters
#===============================================================

Rewind="n"
block=64
density=54000
size=13000

case $today in
'Sun') LEVEL=3
echo " Performing a Level $LEVEL Dump of the Server";;
'Mon') LEVEL=3
echo " Performing a Level $LEVEL Dump of the Server";;
'Tue') LEVEL=3
echo " Performing a Level $LEVEL Dump of the Server";;
'Wed') LEVEL=3
echo " Performing a Level $LEVEL Dump of the Server";;
'Thu') LEVEL=7
Rewind=""
echo " Performing a Level $LEVEL Dump of the Server";;
'Fri') LEVEL=0
echo " Performing a Level $LEVEL Dump of the Server";;
'Sat') LEVEL=3

echo " Performing a Level $LEVEL Dump of the Server";;
esac

# Now Dump mudpuppy
#================================================================
echo "Dumping Mudpuppy\'s Files"

echo mudpuppy + > /.rhosts # let mudpuppy in

rsh mudpuppy '/usr/etc/rdump' $LEVEL'cusf' $size 'freon:/dev/rmt/0mbn' '/dev/rsd0a' #
mudpuppy:/root
rsh mudpuppy '/usr/etc/rdump' $LEVEL'cusf' $size 'freon:/dev/rmt/0mbn' '/dev/rsd0g' #
mudpuppy:/usr
rsh mudpuppy '/usr/etc/rdump' $LEVEL'cusf' $size 'freon:/dev/rmt/0mb'$Rewind '/dev/rsd0h' #
mudpuppy:/home

rm /.rhosts

echo "DUMP FINISHED AT " `date`
-- CUT --

Note that the script creates an entry for mudpuppy in freon's root .rhosts file and then
wipes out the file after the dump is finished. You don't want to leave these things lying
around, and you don't want to set up remote root logins.

--
--------------------------------------------------------------------------------
Michael Peacock |"Gee, Toto, we're not in Kansas
Experimental-Cognitive Psychology Area | anymore." - Dorothy
University of Denver |
http://www.psy.du.edu/~mpeacock/home.html |"Excellent." - Toto

by **Alan McK** » Thu, 01 Jun 1995 04:00:00

Quote:>hi,
>how do you allow root to log onto a solaris machine
>from somewhere other than the console? i want to
>be able to use rsh to do backups to one tape drive.

Lets say you have 2 machines names 'solaris' and 'machine'.
Lets assume also that your domainname is 'tamu.edu'.

On 'solaris' create a file called '/.rhosts' and put the following
in it:

machine root
machine.tamu.edu root

On 'machine' create a file called '/.rhosts' and put the following
in it:

solaris root
solaris.tamu.edu root

good luck,
-Alan

--
Excuse me for butting in, but I'm interrupt-driven.

by **Richard Pier** » Thu, 01 Jun 1995 04:00:00

[...]

Quote:>> # If #CONSOLE is set, root can only login on that device.
>> # Comment this line out to allow remote login by root.
>> #
>> #CONSOLE=/dev/console

Peter> You'll also need to create a /.rhosts file with the name of the
Peter> box you want to use rsh from.

Just realise that by doing so for root, you leave your machine
vulnerable to hostname spoofing. Allowing root, or anybody, really, the
ability to log in without a password is a major potential security
problem.

--
Richard Pieri, IS/Networking | Do not use Happy Fun Ball on concrete.

http://www.ccs.neu.edu/home/ratinox |

by **Luca Po** » Fri, 02 Jun 1995 04:00:00

Quote:>how do you allow root to log onto a solaris machine
>from somewhere other than the console? i want to
>be able to use rsh to do backups to one tape drive.

You don't need to enable root login from non-console ttys to use rsh:
just edit /.rhosts (which is anyway a risk, but...) and put in it

remote-host user

were "remote-host" is the name returned by gethostbyaddr() or
netdir_getbyaddr().

Anyway, if you still need to enable root login fron ttys, edit
/etc/default/login and comment out the "CONSOLE=/dev/console" line.

Regards,
Luca Polo.
--
+-----------------------------------------++---------------------------+

| address and phone numbers) || Universita` di Padova. |

by **Gyula Szoko** » Fri, 02 Jun 1995 04:00:00

Quote:>Just realise that by doing so for root, you leave your machine
>vulnerable to hostname spoofing. Allowing root, or anybody, really, the
>ability to log in without a password is a major potential security
>problem.

True, but sometimes you have no other choice. On the other hand, doing
BACKUPS (this was the original question, I think), it's not necessary.
I created a dedicated user, which is in the right GROUP so it can READ
(not write) the raw devices for the partitions. Fortunatelly Solaris
(or SunOS, for that matter) allows the following syntax:

where tape is this special user, server is the tapehost. You can avoid
being root to make dumps, and not being able to WRITE the disks, the
security risk is smaller.

Gyula

--

| When I am weaker than you, I ask you for freedom because that is according|
|to your principles; when I am stronger than you, I take away your freedom|
|because that is according to my principles. -- Frank Herbert|

by **Thomas Buehlma** » Fri, 02 Jun 1995 04:00:00

>> how do you allow root to log onto a solaris machine
>> from somewhere other than the console? i want to
>> be able to use rsh to do backups to one tape drive.
>>In the file /etc/default/login comment out the CONSOLE line:

>> #CONSOLE=/dev/console
>You'll also need to create a /.rhosts file with the name of the box you
>want to use rsh from.

The second you need (this is the /.rhosts file) the former which is the
disabling of the CONSOLE=/dev/console you *do not* need for backups if you want
to start remote commands only without actually loggin in getting a shell. I
have never understood this but SUN insists that this is not a bug. (The hint is
to have /dev/console enforced and define the /.rhosts file. Now you can start a
remote-shell by issuing "rsh mach-name sh" and will get a shell without having
to log in but circumventing the restriction imposed by /etc/default/login.

Regards, Thomas

by **David Mey** » Fri, 02 Jun 1995 04:00:00

: hi,

: how do you allow root to log onto a solaris machine
: from somewhere other than the console? i want to
: be able to use rsh to do backups to one tape drive.

: thanks,

: tom

You need to comment out the

CONSOLE=/dev/console

line in the /etc/default/login file.
--
United States Courts David Meyer
Texas Training & Support Centers UUCP: pcatsc!meyer
7550 IH10 West, Suite 1100 Voice 210-308-3700 ext. 1117

by **Alan McK** » Fri, 02 Jun 1995 04:00:00

>>hi,
>>how do you allow root to log onto a solaris machine
>>from somewhere other than the console? i want to
>>be able to use rsh to do backups to one tape drive.

>Lets say you have 2 machines names 'solaris' and 'machine'.
>Lets assume also that your domainname is 'tamu.edu'.

Oops, that was actually supposed to be an answer to something else.

sorry,

-Alan

--
Do witches run spell checkers?

by **Anders Hammarqui** » Fri, 02 Jun 1995 04:00:00

[Rest of the script deleted]

Quote:>echo mudpuppy + > /.rhosts # let mudpuppy in

You *don't* want that + there. It'll let anyone on mudpuppy rsh in as
root on freon while the backup is going. NEVER put a + in any .rhosts

Quote:>Note that the script creates an entry for mudpuppy in freon's root
>.rhosts file and then wipes out the file after the dump is finished.
>You don't want to leave these things lying around, and you don't want
>to set up remote root logins.

Right, beware though that root can still rsh in an execute commands
even if you don't permit remote logins. The CONSOLE= line in
/etc/default/login is rather meaningless for someone who can rsh to
the machine.

/Anders
--
-- Of course I'm crazy, but that doesn't mean I'm wrong.

System administrator at DjungelData | Fax: +46 31 772 3202
Chalmers University of Technology, G|teborg, Sweden | Tel: +46 31 772 3241

by **Matus Uhlar Softwa** » Sat, 03 Jun 1995 04:00:00

-> how do you allow root to log onto a solaris machine
-> from somewhere other than the console? i want to
-> be able to use rsh to do backups to one tape drive.

NOt needed, If you look at /etc/default/login, you see how enable root login
from non-console, but if you want backup, edit /.rhosts and add login and
host, which you want to use for backup. Or you can use your own login for
backup...
--
Matus Uhlar (fantomas,uhlar on IRC),
Computer Centre of Technical University in Kosice, Slovakia

by **silveir..** » Mon, 11 Sep 1995 04:00:00

Quote:>hi,
>how do you allow root to log onto a solaris machine
>from somewhere other than the console? i want to
>be able to use rsh to do backups to one tape drive.
>thanks,
>tom

Tom,

You need to look in /etc/default/su and /etc/default/login.

The comments in the two database files are self-explanatory.

Once you "fix" the file with vi, save it and then reboot. You'll
be able to remote login.

Matt Silveira
Data Systems Engineer
AT&T Wireless Services

by **Toomas Soo** » Thu, 14 Sep 1995 04:00:00

: >hi,

: >how do you allow root to log onto a solaris machine
: >from somewhere other than the console? i want to
: >be able to use rsh to do backups to one tape drive.

: Tom,

: You need to look in /etc/default/su and /etc/default/login.

: The comments in the two database files are self-explanatory.

: Once you "fix" the file with vi, save it and then reboot. You'll
: be able to remote login.

for rsh You don't need to allow root logins... just add line to /.rhosts
(a'la hosta root), so you can lounch

is client machine to backup and user xxx is user who have access to tape -
of course, it may be root also, in case you don't have to point to it,
and of course it have to have .rhost in home directory.

So You can run remote commands, but still can't make remote logins.

PS: we are useing this method for nightly backups and it works very nicely.
--
toomas soome

Very Computer

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh

allowing root to rsh