Re: Giving a user root access

Anthony Barbachan (barbacha@trill.cis.fordham.edu)
Fri, 14 Aug 1998 02:38:11 -0400


-----Original Message-----
From: Mike A. Harris <mharris@ican.net>
To: John Caldwell <jcald@lake.ml.org>
Cc: Anthony Barbachan <barbacha@trill.cis.fordham.edu>; Dirk Hunter
<HUNT4105@asas.qld.edu.au>; linux-kernel@vger.rutgers.edu
<linux-kernel@vger.rutgers.edu>
Date: Friday, August 14, 1998 1:23 AM
Subject: Re: Giving a user root access

>On Thu, 13 Aug 1998, John Caldwell wrote:
>
>> > > Try the sudo package. It works great.
>> > >
>> > > Also as an alternative you can use rsh/rlogin.
>> > >
>> > > edit /root/.rhosts
>> > > add:
>> > >
>> > > localhost username
>> > >
>> > >
>> > >
>> > > make sure rshd rlogind have the -h parameter in /etc/inetd.conf
>> > >
>> > >
>> > > using rsh/rlogin the user can rsh or rlogin as the root user locally
>> >
>> > rsh/rlogin are IMHO major security holes in a system. I would
>> > never run rlogind/rshd on a networked system unless it was a
>> > totally trusted private network. Even then, ssh is much better
>> > of a shell as it provides security and encryption.
>> >
>>
>> they're talking about doing an 'rlogin localhost'. I dont think you
would
>> need to encrypt communications over the loopback interface, would you? ;)
>
>No but rlogin availability without a firewall leaves the host
>open to the numerous flaws rlogin.
>
>Lets put it this way. If you had a machine up 24/7 on the net
>(and perhaps you do), would you run rshd/rlogind for your users
>for any reason?
>
>Not me.
>

I do not on unsecured internet machines either. However, security could be
improve using the builtin linux kernel firewalling code. Make the machine
its own firewall.

>
>--
>Mike A. Harris - Computer Consultant - Linux advocate
>
>Escape from the confines of Microsoft's operating systems and push your
>PC to it's limits with LINUX - a real OS. http://www.redhat.com
>
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html