problem using rsh for ordinary users!

nikk · October 16, 2001, 4:21am

Hello,
I'm going to use the remote tape via rsh , I think that all the necessary process have been done as below:

(suppose the machine name that want to use tape is : m1
& the source machine is: m2 )
1-in m2 machine i add: +
m1 in .rhosts file.
2-in m2 machine add m1 in /etc/hosts.equiv
3-in m1 machine also put m2 in /etc/hosts.equiv

But rsh just work for root from m1 machine & the ordinary users from m1 machine get "permission denied" .

what's the problem you think ?

Rgrds
shrn nikk:rolleyes:

rwb1959 · October 16, 2001, 1:58pm

Are they getting "permission denied" for login or to
run the command(s) to use the tape drive?
The latter would be more likely.

nikk · October 17, 2001, 1:55am

For logging to that machine , it doesn't have any problem but by using rsh as below for an ordinary user i get permission denied msg:

% rsh m1 mt -f /dev/rmt/1mbn st

Rgrds
sh_nikk

rwb1959 · October 17, 2001, 8:47am

What are the permissions on the "mt" command
on the remote machine?

nikk · October 17, 2001, 9:21am

This is 555 for mt command.

rwb1959 · October 17, 2001, 10:32am

The next question may be obvious but have you
logged in to the remote (via telnet) and as an "ordinary"
user, and can you execute the mt command fro the
command line?

Also, ordinary users may not have access to the device itself.
What are the perms on /dev/rmt/1mbn ?

nikk · October 21, 2001, 1:24am

for /dev/rmt/1mbn it has full permission .but as i checked the same problem ( perm denied for ordinary users) occured for some remote services like rcp , rsh ,...

(one point is that the solaris on the resource machine is 2.6 & for the other machine is 8.0)

Any idea!

rwb1959 · October 23, 2001, 3:18pm

Just for completeness, the following is from the ksh man page...

Rsh Only.
Rsh is used to set up login names and execution environments whose capabilities are more controlled than those of the standard shell. The actions of rsh are identical to those of sh , except that the following are disallowed:
changing directory (see cd(1)),
setting or unsetting the value or attributes of SHELL, ENV, or PATH,
specifying path or command names containing /,
redirecting output (>, >|, <>, and >>).
adding or deleting built-in commands.

The restrictions above are enforced after .profile and the ENV files are interpreted.

When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to the end-user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme assumes that the end-user does not have write and execute permissions in the same directory.

The net effect of these rules is that the writer of the .profile has complete control over user actions, by performing guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory).

The system administrator often sets up a directory of commands (e.g., /usr/rbin) that can be safely invoked by rsh.

...hope this helps.

eNTer · November 5, 2001, 7:17am

Usually you may see messages like "permission denied" if the terminal machine does not have an entry in the DNS. If the "ordinary user" can access the tape from localhost, but can not from a remote machine, this is the problem