Thanks to:
Steve VanDevender <stevev_at_hexadecimal.uoregon.edu>
Roger Leonard <rleonard_at_cvty.com>
and especially to
Frank Wortner <frank_at_bondnet.com> who hit the nail on the head.
Steve asked about my /etc/hosts.allow file and Roger suggested that I
check file permissions on /etc/svc.conf & /etc/hosts. Neither was the
problem, but good suggestions, in any case.
Basically, the file permissions on /etc/resolv.conf & /etc/svcorder had
somehow been set to 600. They should have been 664. I've reset the
permissions and all is well. Now I've got to find out why the
permissions changed ... Original posting below.
-- begin original message --
My apologies if this is in the archives, but www-archives.ornl.gov seems
to be down and I can't search...
I'm running 4.0D + C2 + jumbo 3 on a PWS 433au. tcp_wrappers 7.6
Let me start by saying that I don't think the problem is tcp_wrappers,
but something that is preventing the host from resolving names, either
through dns or by using /etc/hosts when finger is called by
safe_finger. Fingering user_at_some.host is just the easiest way to
reproduce the symptoms.
Background: user's on the box are not getting logged in because the
wrapper is denying them (via -D PARANOID at compile time). The wrapper
appears to be denying them because it can't resolve the name/ip in both
directions. DNS *is* working correctly and the connecting hosts are in
the tables both ways. When the wrapper denies the connection, it tries
to do a reverse finger to the connecting host and then mails me a
message. The message contains the following error:
unknown host: host.domain
This prompted me to look at the safe_finger command, thinking that I'd
screwed up the line in hosts.deny. Not the case. Running safe_finger
against the connecting host produced the same error. Running finger
directly against the connecting host *as root* worked, but running the
same as a "normal" user failed. su'ing to nobody and running it fails
as well (nobody is the user that safe_finger runs as). I've checked the
permissions and ownerships of /, /usr, /usr/bin * /usr/bin/finger and
they're ok (the same as an almost identically configured PWS 433 on my
desk which doesn't show the same behavior):
drwxr-xr-x 21 root system 8192 Jul 23 11:18 /
drwxr-xr-x 25 root system 8192 May 11 09:50 /usr
drwxr-xr-x 6 root system 16384 Apr 11 09:12 /usr/bin
-rwxr-xr-x 2 bin bin 40960 Dec 29 1997 /usr/bin/finger
resolution order in /etc/svc.conf is local,bind,yp
If anyone has a clue, I'd really appreciate hearing it. TIA & I'll
summarize.
--
Jim Williams
Network Systems Programer
University of Alaska
Information Technology Services
http://sxjvw-2.sons.alaska.edu
Email Snail Mail
jim.williams_at_alaska.edu P. O. Box 755320
Phone: (907) 474-6290 910 Yukon Dr., Suite 105
Fax: (907) 474-7127 Fairbanks, AK 99775-5320
InterNIC: JW18920
See web page for PGP fingerprint & public key
#include <stddisclaimer.h>
Received on Mon Jul 26 1999 - 16:53:00 NZST