From owner-freebsd-bugs Fri Mar 7 20:50:10 2003 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0481B37B401 for ; Fri, 7 Mar 2003 20:50:09 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 56BFD43FB1 for ; Fri, 7 Mar 2003 20:50:08 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h284o8NS073761 for ; Fri, 7 Mar 2003 20:50:08 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h284o8JG073760; Fri, 7 Mar 2003 20:50:08 -0800 (PST) Date: Fri, 7 Mar 2003 20:50:08 -0800 (PST) Message-Id: <200303080450.h284o8JG073760@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Mike Makonnen Subject: Re: bin/48940: rcp fails for root even when rsh works fine Reply-To: Mike Makonnen Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR bin/48940; it has been noted by GNATS. From: Mike Makonnen To: Bruce Evans Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: bin/48940: rcp fails for root even when rsh works fine Date: Fri, 7 Mar 2003 23:47:34 -0500 On Sat, 8 Mar 2003 08:08:35 +1100 (EST) Bruce Evans wrote: > > Er, ssh's configurarion doesn't affect rsh. > > I don't know how rsh can work for root without changing > /etc/pam.d/rsh to add a security hole almost as above. Without such a > hole, neither rsh nor rcp by root work for me; with such a hold, they both > work for me. Argh! I read that as: scp was not working. Sorry. To allow rsh and/or rcp by root you need to do what Bruce said. Specifically, you need to allow root in the pam_rhosts module: Index: src/etc/pam.d/rsh =================================================================== RCS file: /home/ncvs/src/etc/pam.d/rsh,v retrieving revision 1.4 diff -u -r1.4 rsh --- src/etc/pam.d/rsh 18 Apr 2002 17:40:27 -0000 1.4 +++ src/etc/pam.d/rsh 8 Mar 2003 04:43:23 -0000 @@ -6,7 +6,7 @@ # auth auth required pam_nologin.so no_warn -auth required pam_rhosts.so no_warn +auth required pam_rhosts.so allow_root no_warn # account account required pam_unix.so Cheers. -- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | Fingerprint: D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message