All Forums |
Register |
Login |
Search |
Subscriptions |
My Profile |
Inbox |
Tool Warehouse |
FAQs |
Resources |
Help |
Member List |
Address Book |
Logout |
|
|
help with rsh "Access is denied"
|
Logged in as: Guest |
Users viewing this topic: none |
|
Login  |
|
|
help with rsh "Access is denied" - Jun. 13, '05, 12:15:23 AM
|
|
|
vsustren
Posts: 5
Joined: Jun. 12, '05,
Status: offline
|
I beleive I followed all of the directions to setup rsh access, and yet I still get "Access is denied", even when trying to connect locally.
The rshsvc is starting as a service, using the local system account.
I created a .rhosts file (using notepad) in C:\WINNT\System32\drivers\etc. The permissions (UNIX style) are rw-rw-rw (666). The content of the .rhosts file is listed below:
% cat /dev/fs/C/WINNT/system32/drivers/etc/.rhosts
localhost username
gauss username
gauss.accris.net username
%
Where "username" is my username as reported via the "whoami" command.
I have executed the rshpswd command and entered my account password.
One oddity is that the Application log (in the Event Viewer) reports the following warning when I restart the rshsvc service:
RshSvc function 'fopen: Unable to open .rhosts file exclusively' Failed.
Thanks in advance for your help.
Best regards,
Tom
|
|
|
RE: help with rsh "Access is denied" - Jun. 13, '05, 4:05:16 AM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
There are two different "rsh" servers that come with SFU (just as there are two different "telnet" servers).
One is Win32-based and one is Interix/unix-based. I mention this because you have given information
from Win32 and then from Interix. You need to choose one or the other, and should do so based on what
you are going to be doing: if you are going to be running Unix shell scripts then you want to use
the Interix rshd (daemon); if you are running mostly Win32 commands then you likely want to
use the Win32 Rshsvc.
The (Win32) ".rhosts" file permissions (that you give) are way too open. Anyone can make changes to this
file which is a security nightmare and RshSvc is not going to like it (and rshd wouldn't either).
For the Win32 ".rhosts" file check the file ownership and permissions in Win32 (e.g. cacls.exe).
Did you run 'rshpswd' (in WIn32) or regpwd (in Interix) to register your password?
Does the server machine have it's DNS server returning info for "gauss"?
Does the DNS for the IP returned by the lookup of "gauss" result in "gauss"?
i.e. "nslookup gauss" ==> IP == 192.168.0.22 --- "nslookup 192.168.0.22 ==> name == gauss
< Message edited by Rodney -- Jun. 13, '05, 4:06:21 AM >
|
|
|
RE: help with rsh "Access is denied" - Jun. 13, '05, 6:21:20 AM
|
|
|
vsustren
Posts: 5
Joined: Jun. 12, '05,
Status: offline
|
I had originally chosen the Win32 approach, as it seemed to be the one installed by default. Thank you for the clarification regarding when to run each. I will be using primarily UNIX scripts, so I have changed to the UNIX approach. To do this, I disabled the rshsvc in Windows services, then uncommented the rshd line in /etc/inetd.conf, su'd to local administrator "GAUSS+Administrator", cd'd to /etc/init.d and ran "sh inet stop" then "sh inet start". There is a /etc/.rhosts file, containing the single line "gauss", with permissions 644.
Now I receive the error "Permission denied" when I run "rsh gauss ls". The messages file receives following the syslog message:
Jun 13 06:02:28 gauss.ACCRIS.net rshd[1411]: connect second port 1022: Address already in use.
Thanks in advance.
Best regards,
Tom
|
|
|
RE: help with rsh "Access is denied" - Jun. 13, '05, 6:24:04 AM
|
|
|
vsustren
Posts: 5
Joined: Jun. 12, '05,
Status: offline
|
Correction, the .rhosts file is in my home directory, with permissions 644.
Best regards,
|
|
|
RE: help with rsh "Access is denied" - Jun. 13, '05, 12:34:54 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Okay, sounds like you did things for starting rshd correctly.
WinSock (which is running the TCP/IP stack underneath) is tempermental
sometimes during the closing stages (FIN actually). And that may play
a role with the "Address already in use" message. But the code is written
to list this to syslogd and then try another port. So we can ignore
this message for now.
"Permission denied" usually means what it says. There can be a couple of reasons
for giving it. I usually recommend that the permission for the "~/.rhosts" file
be mode 0600. At the most permissive it is allowed to be 0640. World/other are
allowed absolutely no access to the file. Also check that you own the file.
I'll assume your home directory is set correctly since you didn't mention a
message in the syslog about opening the ".rhosts" file.
I will also assume that when you installed that you turned SETUID on. If not
then refer to FAQ 1.03.
|
|
|
RE: help with rsh "Access is denied" - Jun. 13, '05, 3:36:07 PM
|
|
|
vsustren
Posts: 5
Joined: Jun. 12, '05,
Status: offline
|
I reset the permissions on the ~/.rhosts file to 600, but still getting the "Permission denied" error. I am now backing off to just trying with the local administrator account (Windows Administrator account, domain as local server). I added the .rhosts file to the local administrator's home directory, permissions 600. As local administrator, I stopped/started inetd. Still, I am getting Permission denied.
When we installed SFU, we checked the SETUID option. This is SFU 3.5 on Windows 2003 server.
Thanks in advance.
Best regards,
Tom
|
|
|
RE: help with rsh "Access is denied" - Jun. 13, '05, 10:56:46 PM
|
|
|
markfunk
Posts: 673
Joined: Mar. 31, '03,
Status: offline
|
1) what do you think the "home directory" is ?
You have to use the "home" directory as viewed by Interix. (not windows)
Here's an Interix perl script that will tell you:
quote:
#!/usr/local/bin/perl
#
# usage: ./getpwnam.pl username
#
$user = shift(@ARGV) || $ENV{USER} || $ENV{LOGNAME};
($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell)
= getpwnam($user);
print "name = $name, homedir = $dir\n";
print "uid = $uid, gid = $gid\n";
2) the user's home directory has to be on a local filesytem
3) the .rhost file has to be owned by the user.
4) Use the Interix "chmod 600 .rhosts" command to ensure proper perms.
5) in the .rhosts file, use IP addresses, not hostnames.
6) In the rsh command, you may have to use the fully qualified
username with the -l option (e.g "rsh -l +Administrator ls")
7) you should start syslogd. Rshd may write some messages
to the log file (I'm not hopeful, but there may be something)
|
|
|
RE: help with rsh "Access is denied" - Jun. 14, '05, 12:02:17 PM
|
|
|
vsustren
Posts: 5
Joined: Jun. 12, '05,
Status: offline
|
Hi Mark,
Thanks so much! Homedir was the trick. The script you sent revealed that the home directory was "/". I was under the impression that a simple "cd <return>" would take me to the user's homedir, but I guess not so.
Anyway, all works fine now.
Thanks again.
Best regards,
Tom
|
|
|
RE: help with rsh "Access is denied" - Aug. 19, '05, 11:19:19 AM
|
|
|
stefano
Posts: 1
Joined: Aug. 19, '05,
Status: offline
|
Hi,
I have the same problem - rsh "Access is denied" - and I want to use the Win32-based version (rshsvc).
My .rhosts file is located in "C:\Windows\System32\drivers\etc" (OS is XP Pro SP 2). For testing my .rhosts file has only an entry:
+ +
I have executed the rshpswd command and entered my account password.
When I execute:
rsh cobra dir c:
from the cobra pc I get "Access is denied".
The file log "rshhistory" report, for example:
HostName:192.168.0.2 RemoteUser:COBRA\Stefano LocalUser:Stefano Command:dir c: Status:Unauthorized User
In the Stefano home directory I have put the .hosts file always with the entry:
+ +
I have used also:
cobra stefano
but without success.
SORRY FOR MY ENGLISH!!!
Thanks in advance for any help.
Best regards,
Stefano
|
|
|
New Messages |
No New Messages |
Hot Topic w/ New Messages |
Hot Topic w/o New Messages |
|
Locked w/ New Messages |
Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
|