[Debburn-changes] r523 - in cdrkit/trunk: doc/READMEs libusal

Wed Nov 29 11:57:12 CET 2006

Author: blade
Date: 2006-11-29 11:57:12 +0100 (Wed, 29 Nov 2006)
New Revision: 523

Modified:
   cdrkit/trunk/doc/READMEs/README.netscsid
   cdrkit/trunk/libusal/CMakeLists.txt
Log:
Forced definition of USE_RCMD_RSH and updated documentation, for ssh and non-suid usage

Modified: cdrkit/trunk/doc/READMEs/README.netscsid
===================================================================

--- cdrkit/trunk/doc/READMEs/README.netscsid	2006-11-29 10:25:39 UTC (rev 522)
+++ cdrkit/trunk/doc/READMEs/README.netscsid	2006-11-29 10:57:12 UTC (rev 523)
@@ -25,22 +25,35 @@
 
 To enable remote SCSI via the login shell method you should do the following:
 
-	-	Add an entry to /etc/passwd in the form:
+  -	Install netscsid into /usr/sbin. It can be set suid-root if neccessary, see
+    security section below.
 
-		netscsid:x:1999:1000:Tape:/export/home/netscsid:/usr/sbin/netscsid
+	-	Install a file /etc/netscsid.conf and define access rights.
+		Without this file, netscsid will not work at all.
+		The template for this file is: netscsid/netscsid.dfl
+ 
+ - For the special user method, create a user account. This can be done with a
+   frontend like adduser or useradd, if available. The user should have /usr/sbin/netscsid as the login shell.
+   If there is no frontend tool, try this:
 
-		(modify this according to your OS). And don't forget to
-		modify /etc/shadow the way it needs to be on your OS.
+   +	Add an entry to /etc/passwd in the form:
 
-	-	Create a  home directory for this user and add a .rhosts file
-		to allow access to all users you like.
+      netscsid:x:1999:1000:Tape:/home/netscsid:/usr/sbin/netscsid
 
-	-	Install netscsid suid root into /usr/sbin
+      (modify this according to your OS). And don't forget to
+      modify /etc/shadow the way it needs to be on your OS.
 
-	-	Install a file /etc/netscsid.conf and define access rights.
-		Without this file, netscsid will not work at all.
+   +	Create the home directory for this user, adapt the user/group ownership
+      on this directory.
+  
+  - if you use SSH as the login shell (via appropriate RSH environment variable
+    or a symlink to "rsh" which is the case for many Linux distribution),
+    consult the ssh documentation for details.
+    Note that SSH requires sufficiently powered client/server systems to
+    encrypt/decrypt data in realtime.
 
-		The template for this file is: netscsid/netscsid.dfl
+  - if you use traditional rsh, add a .rhosts file to this directory to allow
+    access to all users you like (see rsh documentation)
 
 NETSCSID Security:
 
@@ -63,7 +76,8 @@
 NETSCSID Security hints:
 
 -	Do not generally allow other users to see your boot disk via NETSCSID.
-	All people who see this disk may edit your passwd file.
+  All people who see this disk may edit your passwd file. This especially
+  applies to suid-root usage. For non-suid-root, check the access permissions.
 
 -	If you are in doubt, only export CD-ROM drives, scanners and similar
 	devices that are not directly security sensitive.

Modified: cdrkit/trunk/libusal/CMakeLists.txt
===================================================================
--- cdrkit/trunk/libusal/CMakeLists.txt	2006-11-29 10:25:39 UTC (rev 522)
+++ cdrkit/trunk/libusal/CMakeLists.txt	2006-11-29 10:57:12 UTC (rev 523)
@@ -1,6 +1,7 @@
 PROJECT (LIBSCG)
 INCLUDE_DIRECTORIES(../include ${CMAKE_BINARY_DIR})
 include(../include/AddScgBits.cmake)
+ADD_DEFINITIONS(-DUSE_RCMD_RSH)
 
 #SET(LIBSCG_SRCS rdummy.c usalsettarget.c usaltimes.c scsi-linux-ata.c scsi-linux-pg.c scsi-linux-sg.c scsierrs.c scsihack.c scsihelp.c scsiopen.c scsitransp.c)
 SET(LIBSCG_SRCS usalsettarget.c usaltimes.c scsierrs.c scsihack.c scsihelp.c scsiopen.c scsitransp.c scsi-remote.c)


