Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 15 Sep 2001 07:56:06 -0500 (CDT)
From:      "Jeffrey J. Libman" <jeffrl@wantabe.com>
To:        Bob Martin <bob@buckhorn.net>
Cc:        Conrado Vardanega <cvspam@ig.com.br>, freebsd-stable@FreeBSD.ORG
Subject:   Re: Disallowed any service (not ssh), part III
Message-ID:  <Pine.BSF.4.21.0109150754340.33440-100000@cutter.wantabe.com>
In-Reply-To: <3BA3483B.58E03871@buckhorn.net>

next in thread | previous in thread | raw e-mail | index | archive | help
i got caught recently by this one: is it possible that in running
mergemaster, the newest inetd.conf file was put in place? this file has a
number of services commented out. i am just reaching here...but worth
checking i guess.

cheers,
jeff

--
                                |
                                |\            +------------------------------+
Jeffrey J. Libman, ops. mgr.    | \           |  Wantabe Internet Services   |
Wantabe, Inc.                   |__\          +------------------------------+
jeffrl@wantabe.com        <-----|------>      | access web cgi ftp news mail |
(281) 493-0718       __,.-=\'`^`'~=-../__,.-= +------------------------------+

On Sat, 15 Sep 2001, Bob Martin wrote:

> I'll tackle the easy part first. The reason it's called mergemaster is
> that you have to merge your configuration into the new systemfiles. So
> the generated sendmail.cf doesn't include your configuration, nor do any
> of the other files in /usr/src/etc.
> 
> The reason that we keep asking about /etc/pam.conf is that it is one of
> the "common threads". /etc/hosts.allow and /etc/login.conf are the also
> common to ftp, telnet and ssh. Moreover, pam.conf recently changed. (See
> /usr/src/UPDATING for details). 
> 
> It would seem that you've already covered the bases. I can only think of
> 2 other possible causes. First, these services are (at least in default
> configurations) designed to refuse UID's of 0. The other thing that
> comes to mind is that these services also require a valid home directory
> and a valid shell. For example, if cvarda's shell is
> /usr/local/bin/bash, and that shell is not in /etc/shells (clobbered by
> mergemaster?) then the login would be refused.
> 
> Bob Martin
> 
> Conrado Vardanega wrote:
> > 
> > I ran mergemaster after some installworlds and I've found no changes on
> > pam.conf.
> > 
> > By the way, I've been checking out mergemaster's output files and the
> > generated sendmail.cf didn't included my current configuration. Is this
> > wrong?
> > 
> > As stated on original message: The server has no ipfw rules (default to
> > accept), login.access is default, hosts.allow is default (first line
> > "ALL:ALL:allow"). All machines have DNS entry, as well reverse matching the
> > forward name.
> >
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0109150754340.33440-100000>