Why does rsh give "Permission denied"?
Jonathan I. Kamens
jik at athena.mit.edu
Thu Feb 28 05:46:17 AEST 1991
In article <C82-GC at rpi.edu>, fitz at mml0.meche.rpi.edu (Brian Fitzgerald) writes:
|> The directory path to $HOME should be executable by "others" and the
|> .rhosts file should be readable by "others". Adding or removing "user"
|> or "group" permission bits, or the write or execute "others" bits to
|> .rhosts does not alter this.
Oh, really? I just created a .rhosts file mode 644, and tried to log in
remotely without a password, and it didn't work. I then changed it to mode
600, and it did work.
The only time .rhosts has to be readable by others is on a system where home
directories are remote filesystems (NFS, AFS, whatever) and root isn't
trusted. And, in that case, the BSD software has to be modified so that it no
longer requires that group and world read permissions be unset from .rhosts.
It *does* check in standard 4.3BSD, and the reason for it is that if someone
else can read your .rhosts, they can figure out what hosts and users they need
to impersonate in order to log into your account without a password.
Same with the directory path being executable by others. That is only
necessary if any portion of the path is on a remote filesystem and root isn't
trusted.
|> The above is true of the Suns and aix machines I have seen.
Well, then, the machines you have seen have been modified to allow
world-readable permissions on the .rhosts file. This is not the "default"
behavior of the BSD networking software, although it is becoming more common
as more sites use remote filesystems for home directories.
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
More information about the Comp.unix.questions
mailing list