[Q] CDE, Avoiding the root nag screen. My original longish question
is attached to the bottom of this summary. - 11/16/1998
----------------------------------------------------------------------
[Apology]
Sorry I am late with this summary. I was having problems logging in
as root using the Common Desktop Environment running on my Windows95
box attached to our Novell network. Of course, I could go downstairs
and log in as root, or I could su to root; but upstairs, I wanted the
full X-windows convenience of a true root login. The UNIX boxes denying
the root logins were attached to the same network as well; but,
apparently unbeknown to me, Microsoft Networking was giving up the
client's host name information, and UNIX expected to see that client's
host name in the /etc/securettys file, which it wasn't, and since it
wasn't, it's "root login refused on this terminal", which was my
terminal by the way. To correct the problem you need to place the
host name of your terminal in the /etc/securettys file. The trick is
figuring out how to spell the client's correct hostname.
----------------------------------------------------------------------
[Thank You]
I received responses from the following individuals.
On 11/17/1998 From Oyanarte Portilho <portilho_at_fis.unb.br>
On 11/17/1998 From Raymond West <Raymond.West_at_digital.com>
On 02/12/1999 From Paul Henderson <pgh_at_unx.dec.com>
----------------------------------------------------------------------
[Summary]
There were two basic solutions:
1) /etc/securettys solution
Just add your PC name, which runs eXcursion and by which you would
like to access your station as root, in the /etc/securettys file.
Then maybe you also have to run
/usr/tcb/bin/convauth -d tv
Good luck,
Oyanarte Portilho
Institute of Physics
University of Brasilia, Brazil
---
Oyanarte, good advice, I tried it but it didn't work. Hehehe, but
then I am kind of stupid. :) What I didn't know was how to find and use
the correct hostname for my client. Of course I didn't know that was
my problem until Raymond helped me out; but then I didn't know about
the /etc/securettys thing either, until you helped me out, thanks. :)
---
RE: C990210-3317 eXcursions ROOT signon problems
Kevin,
Actually, after poking around with this for quite some time we
found a relatively easy way to see what hostname is attempting to
connect.
If you view the auth.log file you should see an entry.
# cat /usr/var/adm/syslog.dated/whatever-date-is-relevant/auth.log
Feb 12 11:25:16 as500 syslog: ROOT LOGIN REFUSED pc1:0
In this example a pc called pc1 was attempting to connect to a dux
box called as500 and failed.
If you then modify the /etc/securettys file with the correct pc
nodename info then this will allow root access.
pc1:0
Let me know how this works out,
Raymond
---
Yes, Raymond it works now, thanks
---
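The check Raymond describes can be scripted. The following is an added
example, not code from anyone in this thread: it pulls the terminal
names out of ROOT LOGIN REFUSED lines and lists the ones that have no
exactly matching line in securettys. The function names, the temporary
files and all sample values other than the quoted pc1:0 log line are
assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Log line shape is the auth.log entry
# quoted above; every sample value in demo() is constructed.

# refused_terminals LOGFILE
# Print "count terminal" for each name seen in a ROOT LOGIN REFUSED line.
refused_terminals() {
    awk '/ROOT LOGIN REFUSED/ {
             # the terminal name is the field right after "REFUSED"
             for (i = 1; i < NF; i++)
                 if ($i == "REFUSED") { count[$(i + 1)]++; break }
         }
         END { for (t in count) print count[t], t }' "$1" | sort -k2
}

# missing_from_securettys LOGFILE SECURETTYS
# Print refused terminals that have no exactly matching line in SECURETTYS.
missing_from_securettys() {
    refused_terminals "$1" | while read -r n term; do
        # -x whole line, -F literal: a differently spelled name is not a match
        grep -qxF -- "$term" "$2" || echo "$term"
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/auth.log" <<'EOF'
Feb 12 11:25:16 as500 syslog: ROOT LOGIN REFUSED pc1:0
Feb 12 11:26:02 as500 syslog: ROOT LOGIN REFUSED pc1:0
Feb 12 11:40:51 as500 syslog: ROOT LOGIN REFUSED pc2:0
EOF
    # pc1 was entered under a guessed spelling, so it never matches the log
    cat > "$tmp/securettys" <<'EOF'
/dev/console
local:0
pc1.example.com:0
pc2:0
EOF
    missing_from_securettys "$tmp/auth.log" "$tmp/securettys"
    rm -rf "$tmp"
}

demo   # prints: pc1:0
```

A name in the output that is not one of your own X terminals is a
refused root attempt to look into, not an entry to add.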
2) The dop solution
The 'nag' program is /usr/sbin/dop. "dop" stands for division of
privileges. When you click on a CDE icon for a system management
application, the actual exec string used is "dop -n <application>".
This checks to see if you are root. If you are not, it asks for
root password.
You can 'dop' anything by saying "/usr/sbin/dop <anything>".
If you want to get rid of all the nags, you need to modify the CDE
rules files. These are located in /usr/dt/appconfig/types/C, and
are in the files *_sm.dt (dailyadmin_sm.dt, netbind_sm.dt, etc.).
You can change the actual EXEC string that gets executed by
modifying those files. You can also add 'dop' to any rules (like
Networker's) that don't use dop now, but which you would like to
use dop with.
Paul Henderson
---
I haven't been able to use dop yet. I tried it from the command line
$/usr/sbin/dop /usr/bin/X11/xeyes and I also tried creating an action.
I get an error message both ways.
I assume I have to add the application to /etc/doprc using the command
/usr/sbin/dop -a /usr/bin/X11/xeyes or something like that. I haven't
tried it yet though!
/usr/sbin/dop with no parameters gives a little bit of helpful info
but I can't seem to find a manpage on it. When time permits I will
learn how to dop a few of my GUIs. I would like to dop xeyes, as soon as
I have time to play with it that is.
---
----------------------------------------------------------------------
[Q] ORIGINAL LONGISH FULL LENGTH QUESTION
Assume: $/usr/sbin/rcmgr get SECURITY BASE
BASE
Upstairs, I run eXcursion's version V3.0.571 of the Common Desktop
Environment on a Windows95 platform. I like it very much but the
login_shell for this CDE does not allow for root logins.
Downstairs, the CDE login_shell running on our Digital Unix Alpha
server does allow for root logins.
I run a lot of SysAdmin type programs and prefer to run these programs
upstairs. Some of these applications are smart enough to query
whether they should run as root or whether they should just run under
my username by throwing up a root nag screen. However many of the
SysAdmin type applications that I use are not nag-enabled and have to
be GUI-ed up the old-fashioned way by executing them via name from a
terminal window after su-ing to root. Since my memory isn't that
good, I have to hunt down the name of these applications before they
can be executed. This is a hassle. I just want to click on an icon.
For example, when you click on the NetWorker 5.2 icon there is no root
nag screen. However should it find my USERNAME on its built in list
of administrators, it will allow me to administer the product. In
order to get my name on that list though, I had to su to root and GUI
up the old-fashioned way, after that adding myself was easy. Hehehe,
hopefully that is the only time we have to do that. We are just now
enabling the product and we don't have a feel for it yet.
So to make a long story short, I am not getting enough nags, but the
nags I do get, I would rather not see. If I could just sign in as
root upstairs I could eliminate this problem. Who is placing this
restriction on me? Is it UNIX, the CDE, or something built into
eXcursion? I have access but it's hard to use; know what I mean?
Does anyone have a configuration fix for this problem?
General points of information for or against are appreciated.
- Thanks Kevin
Received on Mon Feb 15 1999 - 20:01:25 NZDT