[Debburn-changes] r523 - in cdrkit/trunk: doc/READMEs libusal
Eduard Bloch
blade at alioth.debian.org
Wed Nov 29 11:57:12 CET 2006
Author: blade
Date: 2006-11-29 11:57:12 +0100 (Wed, 29 Nov 2006)
New Revision: 523
Modified:
cdrkit/trunk/doc/READMEs/README.netscsid
cdrkit/trunk/libusal/CMakeLists.txt
Log:
Forced definition of USE_RCMD_RSH and updated documentation, for ssh and non-suid usage
Modified: cdrkit/trunk/doc/READMEs/README.netscsid
===================================================================
--- cdrkit/trunk/doc/READMEs/README.netscsid 2006-11-29 10:25:39 UTC (rev 522)
+++ cdrkit/trunk/doc/READMEs/README.netscsid 2006-11-29 10:57:12 UTC (rev 523)
@@ -25,22 +25,35 @@
To enable remote SCSI via the login shell method you should do the following:
- - Add an entry to /etc/passwd in the form:
+ - Install netscsid into /usr/sbin. It can be set suid-root if neccessary, see
+ security section below.
- netscsid:x:1999:1000:Tape:/export/home/netscsid:/usr/sbin/netscsid
+ - Install a file /etc/netscsid.conf and define access rights.
+ Without this file, netscsid will not work at all.
+ The template for this file is: netscsid/netscsid.dfl
+
+ - For the special user method, create a user account. This can be done with a
+ frontend like adduser or useradd, if available. The user should have /usr/sbin/netscsid as the login shell.
+ If there is no frontend tool, try this:
- (modify this according to your OS). And don't forget to
- modify /etc/shadow the way it needs to be on your OS.
+ + Add an entry to /etc/passwd in the form:
- - Create a home directory for this user and add a .rhosts file
- to allow access to all users you like.
+ netscsid:x:1999:1000:Tape:/home/netscsid:/usr/sbin/netscsid
- - Install netscsid suid root into /usr/sbin
+ (modify this according to your OS). And don't forget to
+ modify /etc/shadow the way it needs to be on your OS.
- - Install a file /etc/netscsid.conf and define access rights.
- Without this file, netscsid will not work at all.
+ + Create the home directory for this user, adapt the user/group ownership
+ on this directory.
+
+ - if you use SSH as the login shell (via appropriate RSH environment variable
+ or a symlink to "rsh" which is the case for many Linux distribution),
+ consult the ssh documentation for details.
+ Note that SSH requires sufficiently powered client/server systems to
+ encrypt/decrypt data in realtime.
- The template for this file is: netscsid/netscsid.dfl
+ - if you use traditional rsh, add a .rhosts file to this directory to allow
+ access to all users you like (see rsh documentation)
NETSCSID Security:
@@ -63,7 +76,8 @@
NETSCSID Security hints:
- Do not generally allow other users to see your boot disk via NETSCSID.
- All people who see this disk may edit your passwd file.
+ All people who see this disk may edit your passwd file. This especially
+ applies to suid-root usage. For non-suid-root, check the access permissions.
- If you are in doubt, only export CD-ROM drives, scanners and similar
devices that are not directly security sensitive.
Modified: cdrkit/trunk/libusal/CMakeLists.txt
===================================================================
--- cdrkit/trunk/libusal/CMakeLists.txt 2006-11-29 10:25:39 UTC (rev 522)
+++ cdrkit/trunk/libusal/CMakeLists.txt 2006-11-29 10:57:12 UTC (rev 523)
@@ -1,6 +1,7 @@
PROJECT (LIBSCG)
INCLUDE_DIRECTORIES(../include ${CMAKE_BINARY_DIR})
include(../include/AddScgBits.cmake)
+ADD_DEFINITIONS(-DUSE_RCMD_RSH)
#SET(LIBSCG_SRCS rdummy.c usalsettarget.c usaltimes.c scsi-linux-ata.c scsi-linux-pg.c scsi-linux-sg.c scsierrs.c scsihack.c scsihelp.c scsiopen.c scsitransp.c)
SET(LIBSCG_SRCS usalsettarget.c usaltimes.c scsierrs.c scsihack.c scsihelp.c scsiopen.c scsitransp.c scsi-remote.c)
More information about the Debburn-changes
mailing list