
Root access across the network

 


I have a few HPUX workstations that I need to access from one that I do my administration on. My problem is that root on my machine does not have exclusive access on another machine to do certain things even though all of the workstations have the same root password. I am running NIS. Is there something that I can do that will allow the other workstations to know that root on my workstation is the same as root on their workstations?
No matter how much you know today you'll have to know more tomorrow.
Pete Randall
Outstanding Contributor

Re: Root access across the network

You need to have .rhosts set up on each machine.

HTH,
Pete

Sukant Naik
Trusted Contributor

Re: Root access across the network

Hi,

A few options:

1. Create a .rhosts file in root's home directory on each of the servers with the following entries:

server1 root
server2 root
server3 root

Then you can do rlogin to any of the servers without entering the password.

Who dares he wins
Sukant Naik
Trusted Contributor

Re: Root access across the network

Hi Roxworth,

Sorry I pressed submit by mistake. The earlier posting of mine was not complete.

> Is there something that I can do that will allow the other workstations to know that root on my workstation is the same as root on their workstations?

You can change the following passwd entry in the /etc/nsswitch.conf file of your servers

passwd: nis files

This means that the system will check the NIS server for the root user and then the local passwd file, and you will have only one password for root across all your servers in the NIS domain.

I feel there are issues with this, on which I would like our other forum members to contribute as well.
(Like what happens if the NIS server is down.)

-Sukant
Who dares he wins
PIYUSH D. PATEL
Honored Contributor

Re: Root access across the network

Hi,

You can try what Sukant told you.

If your NIS server fails then you do have a problem. You can also create a NIS slave server which will contain the backup map files.

Regards,
Piyush

Jeff Schussele
Honored Contributor

Re: Root access across the network

One issue that should be addressed is that root telnet access be disallowed from non-console ttys. This is a high security risk if allowed to happen.
It can be prevented by creating a file
/etc/securetty
that contains the string console
File should have only root write perms.
If users need root telnet access they should login with their normal UIDs & su up to root.
Note this will NOT prevent rpc access i.e. rlogin, remsh, etc. Will ONLY prevent root telnet access from anywhere EXCEPT the console.

The other is that any .rhosts files should ONLY have user read/write perms - 0600 perms in octal. AND the user's home dir should have write restricted perms such that no other user could write a new .rhosts file into it.

Even so, using .rhosts & hosts.equiv still presents a significant security risk & perms on the above files should be closely watched.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
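
The permission conditions listed in the last reply (a `console` line in /etc/securetty with no non-root write access, 0600 on .rhosts, home directories not writable by others) written as a read-only audit script. This is an added example, not part of any post in the thread; the function names are hypothetical, and the owner-uid check and the acceptance of mode 0400 are assumptions beyond what the reply states.

```sh
#!/bin/sh
# Added example: audit the permission conditions listed in the reply above.
# Read-only; uses ls(1) instead of stat(1) so it stays plain POSIX sh.

# Print the 10-character mode string for a path, e.g. "-rw-------".
perm_string() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Print the numeric owner uid of a path.
owner_uid() { ls -ldn "$1" 2>/dev/null | awk '{print $3}'; }

# check_securetty FILE [UID]: FILE must exist, be owned by UID (default 0,
# an assumption), not be group/other writable, and hold a "console" line.
check_securetty() {
    st_file=$1; st_uid=${2:-0}; st_rc=0
    [ -f "$st_file" ] || { echo "FAIL: $st_file missing"; return 1; }
    [ "$(owner_uid "$st_file")" = "$st_uid" ] ||
        { echo "FAIL: $st_file not owned by uid $st_uid"; st_rc=1; }
    case $(perm_string "$st_file") in
        -????-??-?) ;;
        *) echo "FAIL: $st_file writable by group or other"; st_rc=1 ;;
    esac
    grep -qx 'console' "$st_file" ||
        { echo "FAIL: $st_file has no 'console' line"; st_rc=1; }
    return $st_rc
}

# check_rhosts HOME: HOME must not be writable by group/other, and
# HOME/.rhosts (if present) must be a regular file with mode 0600 or 0400.
# A symlinked .rhosts shows as "l..." and is reported as a failure.
check_rhosts() {
    rh_home=$1; rh_file=$1/.rhosts; rh_rc=0
    case $(perm_string "$rh_home") in
        d????-??-?) ;;
        *) echo "FAIL: $rh_home writable by group or other"; rh_rc=1 ;;
    esac
    if [ -f "$rh_file" ] || [ -h "$rh_file" ]; then
        case $(perm_string "$rh_file") in
            -r[w-]-------) ;;
            *) echo "FAIL: $rh_file is not mode 0600"; rh_rc=1 ;;
        esac
    fi
    return $rh_rc
}

# Runs only when given home directories, e.g.: sh audit.sh / /home/alice
if [ $# -gt 0 ]; then
    check_securetty /etc/securetty
    for h in "$@"; do check_rhosts "$h"; done
fi
```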