From owner-freebsd-stable Sat Sep 15 5:56:39 2001 Delivered-To: freebsd-stable@freebsd.org Received: from cutter.wantabe.com (cutter.wantabe.com [209.16.8.8]) by hub.freebsd.org (Postfix) with ESMTP id 97E7337B40B for ; Sat, 15 Sep 2001 05:56:35 -0700 (PDT) Received: from cutter.wantabe.com (cutter.wantabe.com [209.16.8.8]) by cutter.wantabe.com (8.10.1/8.10.1) with ESMTP id f8FCu6333476; Sat, 15 Sep 2001 07:56:06 -0500 (CDT) Date: Sat, 15 Sep 2001 07:56:06 -0500 (CDT) From: "Jeffrey J. Libman" To: Bob Martin Cc: Conrado Vardanega , freebsd-stable@FreeBSD.ORG Subject: Re: Disallowed any service (not ssh), part III In-Reply-To: <3BA3483B.58E03871@buckhorn.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG i got caught recently by this one: is it possible that in running mergemaster, the newest inetd.conf file was put in place? this file has a number of services commented out. i am just reaching here...but worth checking i guess. cheers, jeff -- | |\ +------------------------------+ Jeffrey J. Libman, ops. mgr. | \ | Wantabe Internet Services | Wantabe, Inc. |__\ +------------------------------+ jeffrl@wantabe.com <-----|------> | access web cgi ftp news mail | (281) 493-0718 __,.-=\'`^`'~=-../__,.-= +------------------------------+ On Sat, 15 Sep 2001, Bob Martin wrote: > I'll tackle the easy part first. The reason it's called mergemaster is > that you have to merge your configuration into the new systemfiles. So > the generated sendmail.cf doesn't include your configuration, nor do any > of the other files in /usr/src/etc. > > The reason that we keep asking about /etc/pam.conf is that it is one of > the "common threads". /etc/hosts.allow and /etc/login.conf are the also > common to ftp, telnet and ssh. Moreover, pam.conf recently changed. (See > /usr/src/UPDATING for details). > > It would seem that you've already covered the bases. I can only think of > 2 other possible causes. First, these services are (at least in default > configurations) designed to refuse UID's of 0. The other thing that > comes to mind is that these services also require a valid home directory > and a valid shell. For example, if cvarda's shell is > /usr/local/bin/bash, and that shell is not in /etc/shells (clobbered by > mergemaster?) then the login would be refused. > > Bob Martin > > Conrado Vardanega wrote: > > > > I ran mergemaster after some installworlds and I've found no changes on > > pam.conf. > > > > By the way, I've been checking out mergemaster's output files and the > > generated sendmail.cf didn't included my current configuration. Is this > > wrong? > > > > As stated on original message: The server has no ipfw rules (default to > > accept), login.access is default, hosts.allow is default (first line > > "ALL:ALL:allow"). All machines have DNS entry, as well reverse matching the > > forward name. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message