I just changed one of the servers here to Enhanced (C2) security.
Subsequently, I discovered that someone had setup an account dedicated to
remote execution. That is, no one logged into this account; it was only
used to execute programs via rsh. The no-login restriction had been
enforced by setting the login shell in /etc/passwd to /bin/true. This
disallowed logins, but still allowed rsh to work. Unfortunately, a side
effect of enhanced security seems to be a change of side effects. /bin/true
effectively stops rsh execution in addition to preventing logins.
Is there some way to build an account that only allows remote execution
without login? I'm not concerned about the "security implications" of this,
since this is an internal application between two known and trusted systems.
However, I have to keep enhanced security on due to corporate IT policy.
Thanks,
Frank
Received on Tue Aug 24 1999 - 17:36:13 NZST