jra@BRL.MIL ("John R. Anderson", VLD/ASB) (02/22/90)
I have recently encountered two problems with our P.I.'s: 1. The other day, I changed the net addresses on our PI's, and at the same time I happened to place a notice to the user's in /etc/motd. Afterwards, "rcp" no longer worked correctly. I spent considerable time checking and rechecking the addresses on all the machines. It was very strange that I could do "rlogin", but not "rcp". Finally, I removed the notice from "/etc/motd", and amazingly, "rcp" started workin again. Imagine how frustrated one must be for "rcp doesn't work, so I'll empty /etc/motd" to seem reasonable. My question is: How can I post a notice to users of a PI without breaking "rcp"??? 2. We would like users without "root" priviledges to be able to do "shutdown". I assigned different passwords to the "root" and "sysadm" accounts. When executing "System Shutdown" from the "System" menu, it requests the "System Administrator" password. I took that to mean the "sysadm" account, but in fact it will only accept the "root" password. Is there a way to enable users without the "root" password to perform a shutdown??? Thanks, -John
fsfacca@AVELON.LERC.NASA.GOV (Tony Facca) (02/23/90)
"John R. Anderson" (VLD/ASB) <jra@BRL.MIL> writes: > > I have recently encountered two problems with our P.I.'s: > > [ very strange rcp question deleted ] > > 2. We would like users without "root" priviledges to be able to > do "shutdown". I assigned different passwords to the "root" and "sysadm" > accounts. When executing "System Shutdown" from the "System" menu, it > requests the "System Administrator" password. I took that to mean the > "sysadm" account, but in fact it will only accept the "root" password. > Is there a way to enable users without the "root" password to perform > a shutdown??? > How about a line like: shutdown::0:0:shutdown the system:/:/etc/shutdown in your /etc/passwd file. you can password protect the shutdown id so that only selected users can do this. actually, reboot would probably be a better program to use if security is an issue as its not interactive. -- ..ahead, warp factor...two + * + * + * - - - - -------======<<<<<{{{{{{[[[[[[ TONY FACCA fsfacca@avelon.lerc.nasa.gov + + * * * "Its hard to work in groups -- especially when you're omnipotent" --Q
brendan@illyria.wpd.sgi.com (Brendan Eich) (02/24/90)
In article <9002220905.aa28986@VAT.BRL.MIL>, jra@BRL.MIL ("John R. Anderson", VLD/ASB) writes: > 1. The other day, I changed the net addresses on our PI's, and > at the same time I happened to place a notice to the user's in /etc/motd. > Afterwards, "rcp" no longer worked correctly. I spent considerable time > checking and rechecking the addresses on all the machines. It was very > strange that I could do "rlogin", but not "rcp". Finally, I removed the > notice from "/etc/motd", and amazingly, "rcp" started workin again. > Imagine how frustrated one must be for "rcp doesn't work, so I'll empty > /etc/motd" to seem reasonable. My question is: How can I post a notice > to users of a PI without breaking "rcp"??? The BSD rcp protocol is fragile: as the friendly manual page says in its BUGS section: [Rcp is] confused by any output generated by commands in a .login, .profile, or .cshrc file on the remote host. The problem is not having a non-empty /etc/motd on the remote host, but the fact that the remote user's .profile or .cshrc file cats /etc/motd (the above-quoted warning about .login is erroneous -- the remote half of rcp uses does not involve a login shell, so .login is not sourced). Csh users can cat motd-like files from their .login files. But users of any shell shouldn't need to cat /etc/motd, as /etc/profile and /etc/cshrc do so for all login shells upon startup. Brendan Eich Silicon Graphics, Inc. brendan@sgi.com
bernie@umbc3.UMBC.EDU (Bernard J. Duffy) (02/27/90)
In article <51649@sgi.sgi.com> brendan@illyria.wpd.sgi.com (Brendan Eich) writes: >In article <9002220905.aa28986@VAT.BRL.MIL>, jra@BRL.MIL ("John R. Anderson", VLD/ASB) writes: >> 1. The other day, I changed the net addresses on our PI's, and >> at the same time I happened to place a notice to the user's in /etc/motd. >> ... some of this deleted .... > >The BSD rcp protocol is fragile: as the friendly manual page says in its >BUGS section: > > [Rcp is] confused by any output generated by commands in a .login, > .profile, or .cshrc file on the remote host. > >The problem is not having a non-empty /etc/motd on the remote host, but >the fact that the remote user's .profile or .cshrc file cats /etc/motd >(the above-quoted warning about .login is erroneous -- the remote half of >rcp uses does not involve a login shell, so .login is not sourced). > >Csh users can cat motd-like files from their .login files. But users of >any shell shouldn't need to cat /etc/motd, as /etc/profile and /etc/cshrc >do so for all login shells upon startup. But what about X-term users. I noticed that xterminal sessions (logins) into the SGI machines don't have the benifit of /etc/cshrc (don't know about /etc/profile for sh users.. don't have any). And not only does that not get executed, neither does the .login ! So, the only way to get /etc/motd is to do it in the ~.cshrc as I've done below to get once : if ($?prompt) then # Prompt was set... for interactive session/ not process command if !($?BJD_ETC_CSHRC) then if ($?DISPLAY) then source /etc/cshrc endif setenv BJD_ETC_CSHRC 1 endif #... endif > >Brendan Eich >Silicon Graphics, Inc. >brendan@sgi.com This isn't an SGI-only problem, I've noticed this with DEC's Ultrix as well, but had an easier time working the .cshrc since SGI's setup of the DISPLAY is a bit sloppy (sets DISPLAY even thought there's no Xterm... convience for the "console" user to run x programs while in wsh). There may be a solution to this, but I haven't accidently run acrossed it yet. Bernie Duffy. -- Bernie Duffy Systems Programmer II | Bitnet : BERNIE@UMBC2 Academic Computing - L005e | Internet : BERNIE@UMBC2.UMBC.EDU Univ. of Maryland Baltimore County | UUCP : ...!uunet!umbc3!bernie Baltimore, MD 21228 (U.S.A.) | W: (301) 455-3231 H: (301) 744-2954
brendan@illyria.wpd.sgi.com (Brendan Eich) (02/27/90)
In article <2836@umbc3.UMBC.EDU>, bernie@umbc3.UMBC.EDU (Bernard J. Duffy) writes: > This isn't an SGI-only problem, I've noticed this with DEC's Ultrix as well, > but had an easier time working the .cshrc since SGI's setup of the DISPLAY > is a bit sloppy (sets DISPLAY even thought there's no Xterm... convience > for the "console" user to run x programs while in wsh). > There may be a solution to this, but I haven't accidently run acrossed it > yet. It seems xterm doesn't start a login shell (one with an initial "-" in its argv[0] basename). Only a login C-shell reads /etc/cshrc and .login, similarly for sh and /etc/profile & .profile. I don't know much about X; perhaps there's an xterm option for logging in (creating a login shell, updating /etc/utmp). Sub-shells and "automatic" shells such as the remote half of rcp uses are not login shells, and should not result in /etc/motd or unintended noise on standard output. Brendan
hartzell@boulder.Colorado.EDU (George Hartzell) (02/27/90)
In article <51830@sgi.sgi.com>, brendan@illyria (Brendan Eich) writes: >It seems xterm doesn't start a login shell (one with an initial "-" in >its argv[0] basename). Only a login C-shell reads /etc/cshrc and .login, >similarly for sh and /etc/profile & .profile. I don't know much about X; >perhaps there's an xterm option for logging in (creating a login shell, >updating /etc/utmp). From the xterm man page on my MIPS: -ls This option indicates that the shell that is started in the xterm window be a login shell (i.e. the first character of argv[0] will be a dash, indicating to the shell that it should read the user's .login or .profile). g. George Hartzell (303) 492-4535 MCD Biology, University of Colorado-Boulder, Boulder, CO 80309 hartzell@Boulder.Colorado.EDU ..!{ncar,nbires}!boulder!hartzell
bernie@umbc5.umbc.edu (Bernard J. Duffy) (03/03/90)
In article <17463@boulder.Colorado.EDU> hartzell@boulder.Colorado.EDU (George Hartzell) writes: >In article <51830@sgi.sgi.com>, brendan@illyria (Brendan Eich) writes: >>It seems xterm doesn't start a login shell (one with an initial "-" in >>its argv[0] basename). Only a login C-shell reads /etc/cshrc and .login, >>similarly for sh and /etc/profile & .profile. I don't know much about X; >>perhaps there's an xterm option for logging in (creating a login shell, >>updating /etc/utmp). ^^^^^^^^^^^^^^^^^^ - If this is the part where the user shows up in the output from the "who" command, then this is done as the default setup. In other words, the remote - into - xterm sessions show up as interactive terminal sessions. > >From the xterm man page on my MIPS: > -ls This option indicates that the shell that is started > in the xterm window be a login shell (i.e. the first > character of argv[0] will be a dash, indicating to > the shell that it should read the user's .login or > .profile). > >g. >George Hartzell (303) 492-4535 > MCD Biology, University of Colorado-Boulder, Boulder, CO 80309 >hartzell@Boulder.Colorado.EDU ..!{ncar,nbires}!boulder!hartzell George / Brendan : Do you know of way to make all xterm-login sessions run as a login shell? My goal is to provide a consistent login sequence from all the "login", "rlogin", "telnet", and "xterm" sessions. I've been using some of the environment variables (like REMOTEHOST and DISPLAY), but they don't cover the exceptions well enough to get around the cases where /etc/cshrc doesn't get run. As a system administrate for new unix users, it is of great help to have a "system-wide" "cshrc" (/etc/cshrc) for all there logins. This way I can setup common system-wide aliases, umask-s, and terminal setups like the correct " stty erase <char> " . The latter one is the biggest problem with Backspace and Delete characters in mix environments (unix: ATT/SGI - ^H, BSD/Ultrix - ^?, non-unix: VMS - ^? ). There might be a clean way around all of this if I could "bind" the back- space key on the SGI (PC-AT) keyboard to send the char 127 (Delete). Thanks for your responses, Bernie Bernie Duffy Systems Programmer II | Bitnet : BERNIE@UMBC2 Academic Computing - L005e | Internet : BERNIE@UMBC2.UMBC.EDU Univ. of Maryland Baltimore County | UUCP : ...!uunet!umbc3!bernie Baltimore, MD 21228 (U.S.A.) | W: (301) 455-3231 H: (301) 744-2954