HPE Community
Operating System - Linux
1825813 Members
2528 Online
109688 Solutions
New Discussion

Change profile

 
ust3
Regular Advisor

‎10-31-2007 07:44 PM

‎10-31-2007 07:44 PM

Change profile

I hv a server in remote site , I want to update the /etc/profile in this remote server , but I am afraid if the profile is fail to update , then I am no longer to login it again , can advise if I really need to update /etc/profile in remote server , what is the safe way ? if I allow ssh to the remote server , it is safe ? if not , can advise it .
thx
0 Kudos
Reply
3 REPLIES 3
Matti_Kurkela
Honored Contributor

‎10-31-2007 09:03 PM

‎10-31-2007 09:03 PM

Re: Change profile

Without knowing what changes you intend to make and why, we cannot really judge whether you really need to update /etc/profile or not.

SSH is considered fairly safe, if you use strong passwords (or maybe set it up to require SSH key authentication instead of passwords) and disable the backward compatibility option for the obsolete SSH protocol version 1. The old protocol version has known weaknesses which cannot be fixed without changing the protocol - that's why the new protocol version was created.

This procedure requires that you can open multiple simultaneous sessions to the remote server.

1.) connect to the server (connection 1)

2.) make a backup of the original /etc/profile

3.) make any changes you need to

4.) without disconnecting connection 1, make *another* connection to the server (connection 2)

5a) if connection 2 was successful and the changed profile did not cause any error messages, you know you at least did not make any fatal errors - proceed to step 6.

5b.) if connection 2 fails, you probably made a mistake that prevents new logins - use connection 1 to restore the backup you made at step 2 and try again.

6.) verify that the changes you made had the desired effect - if not, restore the backup you made at step 2 and rethink your changes

7.) don't close connection 1 until you've sure your changes are working as expected

MK
MK
0 Kudos
Reply
ust3
Regular Advisor

‎10-31-2007 09:13 PM

‎10-31-2007 09:13 PM

Re: Change profile

thx reply ,

your suggestion is good , however , I have to make sure the connection is not terminated ( may be several days because I need to make sure everything is OK ) , however the connection is via VPN that it is not very stable , therefore , except this method , is there other way to login as root without use /etc/profile , so that even /etc/profile is crashed , I still can login as root to restore it ?
thx
0 Kudos
Reply
Tor-Arne Nostdal
Trusted Contributor

‎11-01-2007 10:52 PM

‎11-01-2007 10:52 PM

Re: Change profile

Hi ust3
As Matti have explained, you can do this pretty safe if you follow his recommendations.
Just pay attention to his point 7)
Do not close your 1'st session until you have verified your changes on a 2'nd session

You can revert to the original /etc/profile via your 1'st session.

Remember:
The /etc/profile is only executed when you perform a new login (start a new session).

Careful approach:
Since every user starting a new session will run through this new /etc/profile, and perhaps get an error.
To avoid this, you could test your settings only on one specific user first.

1) edit the ~testuser/.profile
2) login as testuser and verify the changes
3) If ok, then backup and implement the changes to /etc/profile
Backup copy the, cp -p /etc/profile /etc/profile.bck
vi /etc/profile

-------
Related to ssh:
If you still use telnet instead of ssh for login remotely, I would say you're working insecure (unless your network administrator have put a lot of security on the network).

It is not a big effort to start using ssh instead. You might however need to change your terminal emulator if this don't support ssh.

There is good freeware products for ssh terminal emulation.
One very common is Putty which can be found on several download sites (http://www.putty.nl/download.html)
You can also tunnel X-window sessions through Putty.
There is also freeware X-window emulators available (CygWin, Xming ...).

If you have to use telnet and have systems which do not support ssh at all, Putty can still be used as it support this as well.
But remember - using ftp/telnet is in general defined as insecure...

/Tor-Arne
I'm trying to become President of the state I'm in...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.