From owner-freebsd-questions Fri Jun 18 14:34:37 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from ralf.serv.net (a.serv.net [207.207.72.1]) by hub.freebsd.org (Postfix) with ESMTP id C630C14DD9 for ; Fri, 18 Jun 1999 14:34:33 -0700 (PDT) (envelope-from mcglk@serv.net)
Received: (from mcglk@localhost) by ralf.serv.net (8.9.3/8.9.3) id OAA30706; Fri, 18 Jun 1999 14:43:09 -0700 (PDT) (envelope-from mcglk@serv.net)
X-Authentication-Warning: ralf.serv.net: mcglk set sender to mcglk@serv.net using -f
From: Ken McGlothlen
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14186.48492.781858.783714@ralf.serv.net>
Date: Fri, 18 Jun 1999 14:43:08 -0700 (PDT)
To: questions@FreeBSD.ORG
Subject: Re: Trying to use telnetd.
References: <14181.34146.537092.357907@ralf.serv.net>
X-Mailer: VM 6.72 under Emacs 20.3.1
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

dwhite@resnet.uoregon.edu (Doug White) writes:

| mcglk@serv.net (that's me) writes:
| > Under 2.2.1-RELEASE [...], all he had to do was call me up, I'd su to root
| > and run
| >
| >         /usr/libexec/telnetd -debug 8080
| >
| > and then he'd telnet to my machine, port 8080, and be on. Even better, it
| > turned out that only one login was permitted at the port, so it was a
| > fairly nice on-demand moderately secure way of getting him in.
| >
| > Unfortunately, this no longer seems to work. What happens is that when I
| > set up the telnetd, this happens at the login:
| >
| >         $ telnet localhost 8080
| >
| >         FreeBSD/i386 (unka.dunka.doo) (ttypi)
| >
| >         login: -h option: Operation not permitted
|
| Note that login is an actual program; see login(1).
|
| I'm guessing that root-ness is getting eaten by telnetd. Or something.
|
| Why not just drop this into inetd.conf?

First, sorry for the long excerpt.
The reason I don't want to drop this into inetd.conf is that I don't want to leave this port open all the time for telnet access; just as an on-demand sort of thing.

But if that's not possible . . . let's explore this a bit. So what I'd have to do, if I were pursuing this, would be to add the following to /etc/services

        goomba          8080/tcp        # Special firewall login spigot
        goomba          8080/udp

and then the following to /etc/inetd.conf

        goomba  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd -debug 8080

Would that be correct?

| I'm guessing login is checking the uid and not the euid of the process. It
| notices that the uid is yours (as a user) and pukes. It might work if you
| log in as root (not su) and then run it.

Hm. That would require opening up a bunch of terminals in /etc/ttys. Not sure I really want to do that. Maybe if I could log into a *specific* terminal, but I don't know how to do that.
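
The two files discussed in the message above, as an added example that is not part of the original message or of FreeBSD: a small Python audit that resolves each active inetd.conf entry through /etc/services and lists the ones that start telnetd, which is the always-open port the message wants to avoid. The sample text is constructed from the entries quoted in the message, and the function names are hypothetical.

```python
# Added example: audit inetd.conf entries that hand a TCP port to telnetd.
# SERVICES and INETD_CONF are constructed samples built from the message.
SERVICES = """\
telnet   23/tcp
goomba   8080/tcp   # Special firewall login spigot
goomba   8080/udp
"""
INETD_CONF = """\
#telnet  stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd
goomba   stream  tcp  nowait  root  /usr/libexec/telnetd  telnetd -debug 8080
"""

def parse_services(text):
    """Return {(name, proto): port} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:   # official name + aliases
                table[(name, proto)] = int(port)
    return table

def parse_inetd(text):
    """Yield active entries; lines starting with '#' are disabled."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue
        yield {"service": fields[0], "proto": fields[2], "user": fields[4],
               "program": fields[5], "argv": fields[6:]}

def audit_telnetd(services_text, inetd_text):
    """List (service, port, user) for every active entry that runs telnetd."""
    ports = parse_services(services_text)
    findings = []
    for e in parse_inetd(inetd_text):
        if e["program"].rsplit("/", 1)[-1] != "telnetd":
            continue
        proto = e["proto"].rstrip("46")             # tcp4/tcp6 -> tcp
        port = ports.get((e["service"], proto))     # None if name unresolved
        findings.append((e["service"], port, e["user"]))
    return findings

if __name__ == "__main__":
    for service, port, user in audit_telnetd(SERVICES, INETD_CONF):
        print(f"{service}: telnetd on port {port} as {user} while inetd runs")
```
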