Free Downloads, Community Forum,
FAQs and Developer Resources


Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums Register Login Search Subscriptions My Profile Inbox
Tool Warehouse FAQs Resources Help Member List Address Book Logout

help with rsh "Access is denied"

 
Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [SFU / Interix / SUA Technology] >> SFU / Interix - Getting Started >> help with rsh "Access is denied" Page: [1]
Login
Message << Older Topic   Newer Topic >>
help with rsh "Access is denied" - Jun. 13, '05, 12:15:23 AM   
vsustren

 

Posts: 5
Joined: Jun. 12, '05,
Status: offline
I beleive I followed all of the directions to setup rsh access, and yet I still get "Access is denied", even when trying to connect locally.

The rshsvc is starting as a service, using the local system account.

I created a .rhosts file (using notepad) in C:\WINNT\System32\drivers\etc. The permissions (UNIX style) are rw-rw-rw (666). The content of the .rhosts file is listed below:

% cat /dev/fs/C/WINNT/system32/drivers/etc/.rhosts
localhost username
gauss username
gauss.accris.net username
%

Where "username" is my username as reported via the "whoami" command.

I have executed the rshpswd command and entered my account password.

One oddity is that the Application log (in the Event Viewer) reports the following warning when I restart the rshsvc service:
RshSvc function 'fopen: Unable to open .rhosts file exclusively' Failed.

Thanks in advance for your help.

Best regards,
Tom
Post #: 1
RE: help with rsh "Access is denied" - Jun. 13, '05, 4:05:16 AM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
There are two different "rsh" servers that come with SFU (just as there are two different "telnet" servers).
One is Win32-based and one is Interix/unix-based. I mention this because you have given information
from Win32 and then from Interix. You need to choose one or the other, and should do so based on what
you are going to be doing: if you are going to be running Unix shell scripts then you want to use
the Interix rshd (daemon); if you are running mostly Win32 commands then you likely want to
use the Win32 Rshsvc.

The (Win32) ".rhosts" file permissions (that you give) are way too open. Anyone can make changes to this
file which is a security nightmare and RshSvc is not going to like it (and rshd wouldn't either).
For the Win32 ".rhosts" file check the file ownership and permissions in Win32 (e.g. cacls.exe).


Did you run 'rshpswd' (in WIn32) or regpwd (in Interix) to register your password?
Does the server machine have it's DNS server returning info for "gauss"?
Does the DNS for the IP returned by the lookup of "gauss" result in "gauss"?
i.e. "nslookup gauss" ==> IP == 192.168.0.22 --- "nslookup 192.168.0.22 ==> name == gauss

< Message edited by Rodney -- Jun. 13, '05, 4:06:21 AM >

(in reply to vsustren)
Post #: 2
RE: help with rsh "Access is denied" - Jun. 13, '05, 6:21:20 AM   
vsustren

 

Posts: 5
Joined: Jun. 12, '05,
Status: offline
I had originally chosen the Win32 approach, as it seemed to be the one installed by default. Thank you for the clarification regarding when to run each. I will be using primarily UNIX scripts, so I have changed to the UNIX approach. To do this, I disabled the rshsvc in Windows services, then uncommented the rshd line in /etc/inetd.conf, su'd to local administrator "GAUSS+Administrator", cd'd to /etc/init.d and ran "sh inet stop" then "sh inet start". There is a /etc/.rhosts file, containing the single line "gauss", with permissions 644.

Now I receive the error "Permission denied" when I run "rsh gauss ls". The messages file receives following the syslog message:
Jun 13 06:02:28 gauss.ACCRIS.net rshd[1411]: connect second port 1022: Address already in use.

Thanks in advance.

Best regards,
Tom

(in reply to vsustren)
Post #: 3
RE: help with rsh "Access is denied" - Jun. 13, '05, 6:24:04 AM   
vsustren

 

Posts: 5
Joined: Jun. 12, '05,
Status: offline
Correction, the .rhosts file is in my home directory, with permissions 644.

Best regards,

(in reply to vsustren)
Post #: 4
RE: help with rsh "Access is denied" - Jun. 13, '05, 12:34:54 PM   
Rodney

 

Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
Okay, sounds like you did things for starting rshd correctly.

WinSock (which is running the TCP/IP stack underneath) is tempermental
sometimes during the closing stages (FIN actually). And that may play
a role with the "Address already in use" message. But the code is written
to list this to syslogd and then try another port. So we can ignore
this message for now.

"Permission denied" usually means what it says. There can be a couple of reasons
for giving it. I usually recommend that the permission for the "~/.rhosts" file
be mode 0600. At the most permissive it is allowed to be 0640. World/other are
allowed absolutely no access to the file. Also check that you own the file.
I'll assume your home directory is set correctly since you didn't mention a
message in the syslog about opening the ".rhosts" file.
I will also assume that when you installed that you turned SETUID on. If not
then refer to FAQ 1.03.

(in reply to vsustren)
Post #: 5
RE: help with rsh "Access is denied" - Jun. 13, '05, 3:36:07 PM   
vsustren

 

Posts: 5
Joined: Jun. 12, '05,
Status: offline
I reset the permissions on the ~/.rhosts file to 600, but still getting the "Permission denied" error. I am now backing off to just trying with the local administrator account (Windows Administrator account, domain as local server). I added the .rhosts file to the local administrator's home directory, permissions 600. As local administrator, I stopped/started inetd. Still, I am getting Permission denied.

When we installed SFU, we checked the SETUID option. This is SFU 3.5 on Windows 2003 server.

Thanks in advance.

Best regards,
Tom

(in reply to Rodney)
Post #: 6
RE: help with rsh "Access is denied" - Jun. 13, '05, 10:56:46 PM   
markfunk

 

Posts: 673
Joined: Mar. 31, '03,
Status: offline
1) what do you think the "home directory" is ?
You have to use the "home" directory as viewed by Interix. (not windows)
Here's an Interix perl script that will tell you:
quote:

#!/usr/local/bin/perl
#
# usage: ./getpwnam.pl username
#
$user = shift(@ARGV) || $ENV{USER} || $ENV{LOGNAME};

($name, $passwd, $uid, $gid, $quota, $comment, $gcos, $dir, $shell)
= getpwnam($user);

print "name = $name, homedir = $dir\n";
print "uid = $uid, gid = $gid\n";


2) the user's home directory has to be on a local filesytem

3) the .rhost file has to be owned by the user.
4) Use the Interix "chmod 600 .rhosts" command to ensure proper perms.
5) in the .rhosts file, use IP addresses, not hostnames.
6) In the rsh command, you may have to use the fully qualified
username with the -l option (e.g "rsh -l +Administrator ls")
7) you should start syslogd. Rshd may write some messages
to the log file (I'm not hopeful, but there may be something)

(in reply to vsustren)
Post #: 7
RE: help with rsh "Access is denied" - Jun. 14, '05, 12:02:17 PM   
vsustren

 

Posts: 5
Joined: Jun. 12, '05,
Status: offline
Hi Mark,

Thanks so much! Homedir was the trick. The script you sent revealed that the home directory was "/". I was under the impression that a simple "cd <return>" would take me to the user's homedir, but I guess not so.

Anyway, all works fine now.

Thanks again.

Best regards,
Tom

(in reply to markfunk)
Post #: 8
RE: help with rsh "Access is denied" - Aug. 19, '05, 11:19:19 AM   
stefano

 

Posts: 1
Joined: Aug. 19, '05,
Status: offline
Hi,

I have the same problem - rsh "Access is denied" - and I want to use the Win32-based version (rshsvc).
My .rhosts file is located in "C:\Windows\System32\drivers\etc" (OS is XP Pro SP 2). For testing my .rhosts file has only an entry:
+ +
I have executed the rshpswd command and entered my account password.

When I execute:

rsh cobra dir c:

from the cobra pc I get "Access is denied".
The file log "rshhistory" report, for example:

HostName:192.168.0.2 RemoteUser:COBRA\Stefano LocalUser:Stefano Command:dir c: Status:Unauthorized User

In the Stefano home directory I have put the .hosts file always with the entry:
+ +

I have used also:
cobra stefano

but without success.

SORRY FOR MY ENGLISH!!!

Thanks in advance for any help.

Best regards,
Stefano

(in reply to vsustren)
Post #: 9
Page:   [1]
All Forums >> [SFU / Interix / SUA Technology] >> SFU / Interix - Getting Started >> help with rsh "Access is denied" Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Search All Forums -

Advanced search


SPONSORS



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.063