Date: Sat, 15 Sep 2001 07:56:06 -0500 (CDT) From: "Jeffrey J. Libman" <jeffrl@wantabe.com> To: Bob Martin <bob@buckhorn.net> Cc: Conrado Vardanega <cvspam@ig.com.br>, freebsd-stable@FreeBSD.ORG Subject: Re: Disallowed any service (not ssh), part III Message-ID: <Pine.BSF.4.21.0109150754340.33440-100000@cutter.wantabe.com> In-Reply-To: <3BA3483B.58E03871@buckhorn.net>
next in thread | previous in thread | raw e-mail | index | archive | help
i got caught recently by this one: is it possible that in running
mergemaster, the newest inetd.conf file was put in place? this file has a
number of services commented out. i am just reaching here...but worth
checking i guess.
cheers,
jeff
--
|
|\ +------------------------------+
Jeffrey J. Libman, ops. mgr. | \ | Wantabe Internet Services |
Wantabe, Inc. |__\ +------------------------------+
jeffrl@wantabe.com <-----|------> | access web cgi ftp news mail |
(281) 493-0718 __,.-=\'`^`'~=-../__,.-= +------------------------------+
On Sat, 15 Sep 2001, Bob Martin wrote:
> I'll tackle the easy part first. The reason it's called mergemaster is
> that you have to merge your configuration into the new systemfiles. So
> the generated sendmail.cf doesn't include your configuration, nor do any
> of the other files in /usr/src/etc.
>
> The reason that we keep asking about /etc/pam.conf is that it is one of
> the "common threads". /etc/hosts.allow and /etc/login.conf are the also
> common to ftp, telnet and ssh. Moreover, pam.conf recently changed. (See
> /usr/src/UPDATING for details).
>
> It would seem that you've already covered the bases. I can only think of
> 2 other possible causes. First, these services are (at least in default
> configurations) designed to refuse UID's of 0. The other thing that
> comes to mind is that these services also require a valid home directory
> and a valid shell. For example, if cvarda's shell is
> /usr/local/bin/bash, and that shell is not in /etc/shells (clobbered by
> mergemaster?) then the login would be refused.
>
> Bob Martin
>
> Conrado Vardanega wrote:
> >
> > I ran mergemaster after some installworlds and I've found no changes on
> > pam.conf.
> >
> > By the way, I've been checking out mergemaster's output files and the
> > generated sendmail.cf didn't included my current configuration. Is this
> > wrong?
> >
> > As stated on original message: The server has no ipfw rules (default to
> > accept), login.access is default, hosts.allow is default (first line
> > "ALL:ALL:allow"). All machines have DNS entry, as well reverse matching the
> > forward name.
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0109150754340.33440-100000>