From owner-freebsd-current  Mon Nov 27 16:00:04 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id QAA11989
          for current-outgoing; Mon, 27 Nov 1995 16:00:04 -0800
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id PAA11946
          for <freebsd-current@freebsd.org>; Mon, 27 Nov 1995 15:59:58 -0800
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id QAA19960; Mon, 27 Nov 1995 16:54:48 -0700
From: Terry Lambert <terry@lambert.org>
Message-Id: <199511272354.QAA19960@phaeton.artisoft.com>
Subject: Re: schg flag on make world in -CURRENT
To: vince@apollo.COSC.GOV (-Vince-)
Date: Mon, 27 Nov 1995 16:54:47 -0700 (MST)
Cc: joerg_wunsch@uriah.heep.sax.de, freebsd-current@freebsd.org
In-Reply-To: <Pine.BSF.3.91.951127141642.22740e-100000@apollo.COSC.GOV> from "-Vince-" at Nov 27, 95 02:17:25 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1381      
Sender: owner-current@freebsd.org
Precedence: bulk

> > > 	Is there anyway to remotely login to a FreeBSD box and 'su' to root
> > > to do a make world without having to do noflags schg on all the files 
> > > with that flag on it generated by the last make world in -CURRENT?  Thanks!
> > 
> > Why don't you just use "rlogin" and "su"?
> 
> 	Does rlogin and su make any difference?  I'm using ppp from Win95 
> and I don't have a rlogin program, only telnet...

1)	Your user name must be in group "wheel" (in the file /etc/group).

2)	Your pty must be marked "secure".  Currently, it is marked as
	"network", mostly because networks aren't secure.  Since you
	can't pick your pty, you pretty much have to lett all of them
	in.  Be sure to put "Welcome, system crackers!" in your login
	prompt in gettytab.  8-).

The rlogin is vouchsafe, but needs a pty as well.  Besides, any user on
a DOS box is "root".  If you allowed "rlogin", then any user on any DOS
box you allowed could become any user on your machine by lying about
who they are.  The point in a UNIX<->UNIX peer environment is that you
are at least as secure as your root password on both machines combined.

Since telnet needs a pty as well, you have to have "secure" in the
/etc/ttys line either way.  So "rlogin" isn't an issue.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.