HPE Community
Operating System - HP-UX
1833847 Members
2369 Online
110063 Solutions
New Discussion

Re: permission problem with ssh command

 
Tony Escujuri_1
Advisor

‎03-31-2003 01:02 PM

‎03-31-2003 01:02 PM

permission problem with ssh command

Version of HP-UX's build of openssh: OpenSSH_3.5p1

As a non-root user we create the authorized_keys file from the key generated from `ssh-keygen -t rsa -N ""

We then able to ssh without a password. But we noticed we can delete files on the remote end that are read only for a different user and then can be deleted via the command:
$ ssh oracle@hostname rm /tmp/12345 ; echo $?
0

ownerhip of the remote file is different and we chmod the file to 400 and we still can delete this file.

Is there something we need to do in the sshd_config conf file.. or something else.

TIA.

Tony Escujuri




I don't know very much!
0 Kudos
Reply
3 REPLIES 3
Tony Escujuri_1
Advisor

‎03-31-2003 01:20 PM

‎03-31-2003 01:20 PM

Re: permission problem with ssh command

Here are more details:
localhost [/directory/oracle/ora81]
$ id; ssh oracle@remotehost ls -ld /tmp/testfile1 ; ssh oracle@remotehost rm /tmp/testfile1; echo $?
uid=101(oracle) gid=101(dba)
-r-------- 1 escujurt users 6 Mar 31 21:08 /tmp/testfile1
0


remotehost [/tmp]
$ ls -ld /tmp/testfile1
/tmp/testfile1 not found

Is this normal for the default install.
I don't know very much!
0 Kudos
Reply
Tony Escujuri_1
Advisor

‎03-31-2003 02:00 PM

‎03-31-2003 02:00 PM

Re: permission problem with ssh command

Nevermind... unix101. we resolved this none issue.

Tony Escujuri
tony@unixadm.net
I don't know very much!
0 Kudos
Reply
Dusan Krasa
Advisor

‎04-01-2003 11:59 PM

‎04-01-2003 11:59 PM

Re: permission problem with ssh command

So I think that a "problem" is on remote system. The dir /tmp on remote has set default permision to 777. Anybody cant create a new file in this /tmp and everybody can remove all files in this /tmp. Set sticky-bit to the dir /tmp on remote host by chmod 1777 /tmp.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.