From owner-freebsd-stable  Sat Sep 15  5:23:23 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from darkstar.buckhorn.net (lfkn-adsl-dhcp-net1-159.txucom.net [207.70.145.159])
	by hub.freebsd.org (Postfix) with ESMTP id 9E1B337B405
	for <freebsd-stable@FreeBSD.ORG>; Sat, 15 Sep 2001 05:23:19 -0700 (PDT)
Received: from buckhorn.net (darkstar.buckhorn.net [207.70.145.159])
	by darkstar.buckhorn.net (Postfix) with ESMTP
	id 554BF6E8F4; Sat, 15 Sep 2001 07:23:23 -0500 (CDT)
Message-ID: <3BA3483B.58E03871@buckhorn.net>
Date: Sat, 15 Sep 2001 07:23:23 -0500
From: Bob Martin <bob@buckhorn.net>
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Conrado Vardanega <cvspam@ig.com.br>, freebsd-stable@FreeBSD.ORG
Subject: Re: Disallowed any service (not ssh), part III
References: <NDBBLGPICDCECKDGFCGFCENGCKAA.cvspam@ig.com.br>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

I'll tackle the easy part first. The reason it's called mergemaster is
that you have to merge your configuration into the new systemfiles. So
the generated sendmail.cf doesn't include your configuration, nor do any
of the other files in /usr/src/etc.

The reason that we keep asking about /etc/pam.conf is that it is one of
the "common threads". /etc/hosts.allow and /etc/login.conf are the also
common to ftp, telnet and ssh. Moreover, pam.conf recently changed. (See
/usr/src/UPDATING for details). 

It would seem that you've already covered the bases. I can only think of
2 other possible causes. First, these services are (at least in default
configurations) designed to refuse UID's of 0. The other thing that
comes to mind is that these services also require a valid home directory
and a valid shell. For example, if cvarda's shell is
/usr/local/bin/bash, and that shell is not in /etc/shells (clobbered by
mergemaster?) then the login would be refused.

Bob Martin

Conrado Vardanega wrote:
> 
> I ran mergemaster after some installworlds and I've found no changes on
> pam.conf.
> 
> By the way, I've been checking out mergemaster's output files and the
> generated sendmail.cf didn't included my current configuration. Is this
> wrong?
> 
> As stated on original message: The server has no ipfw rules (default to
> accept), login.access is default, hosts.allow is default (first line
> "ALL:ALL:allow"). All machines have DNS entry, as well reverse matching the
> forward name.
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message