rog@speech.kth.se (Roger Lindell) (11/07/90)
Hello, We have a problem using rsh with PC-NFS. We have a small network of PC:s connected to an Apollo DN4000 running pcnfsd. To make things easy for the users we have created a dummy account with no password, the account is not valid so you can't login on it but there is an entry in /etc/passwd so pcnfs recognizes it. The problem is that if I do a 'rsh host /bin/ls' using the dummy account it works fine, but when I login as myself or anybody else I get: Permission denied. rcmd: Too many open files. I have tried increasing the number of files using /f with pcnfs.sys and also with the files= command of MS-DOS but nothing seems to help. Has anybody seen this problem and does anybody have a solution.? Yours, Roger Lindell -- Roger Lindell rog@speech.kth.se Dept. of Speech Communication and Music Acoustics Royal Institute of Technology Sweden
rog@speech.kth.se (Roger Lindell) (11/08/90)
Hello again, I just want to thank everybody who mailed me and tell them that it works fine now since I added the PC:s to the hosts.equiv list. Yours, Roger Lindell -- Roger Lindell rog@speech.kth.se Dept. of Speech Communication and Music Acoustics Royal Institute of Technology Sweden
pilger@uhunix1.uhcc.Hawaii.Edu (Eric Pilger) (11/08/90)
In article <rog.657969347@nebula> rog@speech.kth.se (Roger Lindell) writes: >/etc/passwd so pcnfs recognizes it. The problem is that if I do a >'rsh host /bin/ls' using the dummy account it works fine, but when I >login as myself or anybody else I get: > >Permission denied. >rcmd: Too many open files. > >I have tried increasing the number of files using /f with pcnfs.sys >and also with the files= command of MS-DOS but nothing seems to help. > >Has anybody seen this problem and does anybody have a solution.? > I have gotten this error on a number of occasions, and it never had anything to do with files being open (at least externally.) In all cases, it came about because you didn't have permission to do remote shell on that machine. This is cured by either adding PC hosts to the "hosts.equiv" table, or adding the PC hosts you use to the ".rhosts" file in your home directory. I'm not sure why things would only work for the dummy account. Are you all valid users on this machine? Only valid users can run remote commands. Eric Pilger Systems Programmer NASA Infrared Telescope Facility
csb@gdwb.oz.au (Craig Bishop) (11/09/90)
rog@speech.kth.se (Roger Lindell) writes: >Hello again, >I just want to thank everybody who mailed me and tell them that >it works fine now since I added the PC:s to the hosts.equiv list. This is a bad idea because if the PC user is able to tell rsh that he is root then the PC user can do whatever he likes. What you have done is said that the PC is equivalent to you UNIX box. This is dangerous, basically I don't trust PC users. What we do is create a .rhosts file for nobody and place all the PC's in that. That way all the PC's have the privileges to run commands using the nobody user. They can do lots of things but cannot do anything to the system because nobody does not have access to many things. Then if PC users wish to execute commands as themselves (ie. using their Unix account) we get them to create a personal ".rhosts" file in their home directory which equivalences their PC with the UNIX machines. They can even put multiple PC's in the .rhosts file if they wish to use multiple PC's accessing the UNIX machines. I am prepared to be proved wrong and be told that the PC's are safe, but can someone prove that? -- Craig Bishop Geelong & District Water Board Phone: +61 52 262506 61-67 Ryrie St Geelong Fax: +61 52 218236 Victoria 3220 Australia
debtron@cme.nist.gov (Debbie Nickerson) (11/10/90)
:-):-)Hello again, :-):-)I just want to thank everybody who mailed me and tell them that :-):-)it works fine now since I added the PC:s to the hosts.equiv list. :-)This is a bad idea because if the PC user is able to tell rsh :-)that he is root then the PC user can do whatever he likes. What After reading the hosts.equiv man page, I believe that having the PCs listed in the hosts.equiv list does not allow them to rlogin or rsh as root. Root rsh and rlogin permissions are controlled by the /.rhosts file. Furthermore, I just tried doing an "rsh hostname -l root command", where hostname is one of our hosts and command is of course a unix command. I received the following error: usage: rsh host command The (l) username option doesn't seem to work. Has anyone else had a problem with using the (l) option to rsh? (We have SUN PC-NFS 3.0.1) Debbie Nickerson (301) 975-3552 National Institute of Standards and Technology debtron@cme.nist.gov
jerry@olivey.olivetti.com (Jerry Aguirre) (11/27/90)
In article <DEBTRON.90Nov9115653@suds.cme.nist.gov> debtron@cme.nist.gov (Debbie Nickerson) writes: >After reading the hosts.equiv man page, I believe that having the PCs >listed in the hosts.equiv list does not allow them to rlogin or rsh >as root. Root rsh and rlogin permissions are controlled by the /.rhosts file. The exclusion of root from host.equivs is not really enough protection. There are usually enough files lying around that are owned by "bin" or uucp to provide entries to the system. One can either disrupt activities by clobbering them or plant a trojan hourse for the next envocation by the root user. Let the users put it in their own .rhosts or better yet, just don't use rsh from a PC.