Date:      Fri, 13 Oct 2000 17:44:17 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        "ggross@symark.com" <ggross@symark.com>
Cc:        "'Vivek Khera'" <khera@kciLink.com>, "stable@FreeBSD.ORG" <stable@FreeBSD.ORG>
Subject:   Re: turning off rcmd is premature 
Message-ID:  <200010140044.e9E0iUb19137@cwsys.cwsent.com>
In-Reply-To: Your message of "Fri, 13 Oct 2000 13:34:11 PDT." <01C0351A.45CBF470.ggross@symark.com> 

It's got nothing to do with whether someone's a programmer or not.  If 
anyone needs to turn any "r" services back on it's a simple edit of 
inetd.conf to remove the appropriate comment characters and send a HUP 
signal to inetd.

If you tell mergemaster to not touch (choose "d") when updating 
inetd.conf, your inetd.conf will not change.  You can also use the "m" 
directive to merge changes into your inetd.conf.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

In message <01C0351A.45CBF470.ggross@symark.com>, Glen Gross writes:
> From a non-programmer's standpoint, I also agree that turning off rshd is
> premature.  The strength of UNIX is traditionally in the fact that it is an
> open system.
> Excessive zeal to make it secure also makes it less functional, and this is a
> delicate balance.  Many people will just consider the OS "broken"
> if basic functionality is not there.  This kind of thing will probably just
> cause me to avoid running mergemaster.  For new systems I would then just FTP
> a working copy of inetd.conf from another system anyway, rather than manually
> edit all the disabled defaults.     Just my 2 cents.
> 
> Regards,
> 
> Glen M. Gross
> Unix Technical Support Specialist
> Symark Software
> 5716 Corsa Avenue, Suite 200
> Westlake Village, CA  91362
> http://www.symark.com
> unix-support@symark.com
> Main: 800-234-9072 or 818-865-6100
> Main fax: 818-889-1894
> 
> 
> On Friday, October 13, 2000 1:25 PM, Vivek Khera [SMTP:khera@kciLink.com] 
> wrote:
> > Earlier this week, the rcmd (rshd/rlogin) service was turned off by
> > default for new installs, and if you let mergemaster update your
> > config to the current "recommended" settings.
> >
> > I think this is premature.
> >
> > From where I sit, at least one more thing needs to be updated to allow
> > using ssh before rcmd can be turned off.  That is rmt.  As it
> > stands, new installs by default will not be able to do remote dumps
> > properly until rshd is enabled in both inetd.conf and pam.conf.  If
> > rmt supported ssh as a transport (apparently OpenBSD's version does),
> > then it would make sense to turn off rshd totally.
> >
> > I understand that the default config is just that, but there should be
> > some consideration as to it being sensible.  For myself, I protect
> > rshd using tcpwrappers, so I'm not too worried about it for doing the
> > dumps.
> >
> > --
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Vivek Khera, Ph.D.                Khera Communications, Inc.
> > Internet: khera@kciLink.com       Rockville, MD       +1-301-545-6996
> > GPG & MIME spoken here            http://www.khera.org/~vivek/
> >
>
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
> 
> 








Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010140044.e9E0iUb19137>
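
Before choosing "d" or "m" in mergemaster, as discussed in the thread above, it helps to see which "r" services a replacement inetd.conf would switch on or off. The following is an added example, not code from the thread or from FreeBSD: the function names are hypothetical, the two sample files are constructed, and it assumes the r services appear under the inetd.conf service names shell, login and exec.

```sh
#!/bin/sh
# Added example: state of the "r" services in inetd.conf files (constructed samples).

# rcmd_status FILE -> one line per service: "<name> <enabled|disabled|absent>"
rcmd_status() {
    awk '
    BEGIN { n = split("shell login exec", svc, " ")
            for (i = 1; i <= n; i++) state[svc[i]] = "absent" }
    {
        line = $0
        commented = (line ~ /^[ \t]*#/)
        sub(/^[ \t]*#+/, "", line)            # drop the comment characters
        nf = split(line, f)                   # whitespace-separated fields
        # an entry needs >= 6 fields and stream/dgram in field 2; skips prose comments
        if (nf < 6 || !(f[1] in state)) next
        if (f[2] != "stream" && f[2] != "dgram") next
        if (!commented) state[f[1]] = "enabled"
        else if (state[f[1]] == "absent") state[f[1]] = "disabled"
    }
    END { for (i = 1; i <= n; i++) print svc[i], state[svc[i]] }
    ' "$1"
}

# rcmd_diff INSTALLED NEW -> services whose state differs between the files
rcmd_diff() {
    rcmd_status "$1" | while read -r name old; do
        new=$(rcmd_status "$2" | awk -v s="$name" '$1 == s { print $2 }')
        [ "$old" = "$new" ] || echo "$name: $old -> $new"
    done
}

# write_samples DIR: constructed stand-ins for the installed and new files
write_samples() {
    cat > "$1/installed.conf" <<'EOF'
ftp    stream tcp nowait root /usr/libexec/ftpd    ftpd -l
shell  stream tcp nowait root /usr/libexec/rshd    rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
EOF
    cat > "$1/new.conf" <<'EOF'
# shell and login are off in this default; remove the "#" to enable
#shell stream tcp nowait root /usr/libexec/rshd    rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
rcmd_diff "$demo_dir/installed.conf" "$demo_dir/new.conf"
rm -rf "$demo_dir"
```

A service reported as enabled is only live once inetd has re-read the file, which is the HUP signal mentioned in the reply.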