>> I'm on a SunOS 4.1.1. I try rlogin to another SunOS 4.1.2.
>> rlogin there -l gut : no ask for the passwd
>> rlogin there -l beig : ask for the passwd.
>> But:
>> # ypcat passwd | egrep 'beig|gut'
>> beig:XXXXXXXXXXX:1782:20668:Jacques Beigbeder:/util1/pgut/beig:/bin/csh
>> gut:XXXXXXXXXXXXX:1393:20668:Eric Picheral:/util1/pgut/gut:/bin/csh
>> # ls -ldg /util1/pgut/gut /util1/pgut/beig /util1/pgut/beig/.rhosts /util1/pgut/gut/.rhosts
>> drwxr-xr-x 4 beig pgut 1024 Nov 23 19:43 /util1/pgut/beig/
>> drwxr-xr-x 13 gut pgut 1024 Nov 24 18:35 /util1/pgut/gut/
>> -rw-r--r-- 1 beig pgut 43 Nov 25 20:08 /util1/pgut/beig/.rhosts
>> -rw-r--r-- 1 gut pgut 43 Sep 2 13:53 /util1/pgut/gut/.rhosts
>> # cmp /util1/pgut/beig/.rhosts /util1/pgut/gut/.rhosts
>> (nothing)
>> Where can I look? Is there some patch?
I received several answers, and I noticed that a lot of people
understand nothing in .rhosts, /etc/hosts.equiv, netgroups, ...
Very instructive! I was told to check UID/GID on both hosts,
I was told to set .rhosts rw-r--r--: this is a violation of
elementary securities!
I was a problem of access rights, and I think that's a bug in /bin/login.
I want to log as beig, the home of beig on the distant host is:
drwxr-xr-x 4 beig pgut 1024 Nov 23 19:43 /util1/pgut/beig
So anyone can enter this directory.
But the $HOME/.. was:
drwxr-x--- 7 gut pgut 512 Nov 19 10:01 /util1/pgut
and was NFS-mounted. (no one told me about NFS in the answers, it's
important!).
So when I try:
rlogin there -l gut
/bin/login change its identity to gut, and succeeded in the reading
of ~gut/.rhosts file:
/util1/pgut is rwx for UID gut,
/util1/pgut/gut is readable for UID gut,
/util1/pgut/gut/.rhosts is readable for UID gut.
But when I try rlogin there -l beig, /bin/login sets its UID to
beig and I suppose its GID stay as 0. So
/util1/pgut is read ad UID beig and GID 0.
Unfortunately:
I'm not the owner of /util1/pgut (I'm UID beig)
I'm GID 0 so not in the pgut group,
and for others /util1/pgut is closed.
So I think there's a bug in /bin/login: it changes its UID
to the new one, but it doesn't change its GID...
But that's not so obvious: in SunOS, your rights are controled
by the native group declared in /etc/passwd (or the NIS equivalent)
*** AND *** the groups you add via the /etc/group file.
To read .rhosts file as if you were logged in, you have
to set /bin/login run as all these groups.
Jacques Beigbeder | Internet: beig@ens.fr
Service de Prestations Informatiques | Bitnet : beig@frulm63
Ecole Normale Superieure | Tel : (33-1) 44-32-37-96
F75230 Paris Cedex 05 | Fax : (33-1) 44-32-20-80
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:53 CDT