[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: [K12OSN] mount /dev/hda on the *terminal*



Hey Steve,

Here's a thought.

Why not create a special user and join them to group root?

Give that user a password as well.

That would appear to close the security hole a little.

I'm busy getting this server into full production.

Cheers,
Bert

On Monday, July 29, 2002 6:56 PM, Steve Wright [SMTP:paua quicksilver net nz] wrote:
> Bert Rolston wrote:
> 
> >Hey Steve,
> >
> >Could you send me a HOW-TO or something like that?
> >
> >This looks like a very useful piece of work.
> >
> 
> Ok,  Realise though that's not complete, and you are making one BIG 
> security hole in your terminals LOCAL LOGINS !
> There are LOTS of commands missing on the Terminal that you really need 
> to hack this, and the kernel version on the terminal is different to 
> that on the server, therefore many libs don't work properly.  So, caveat 
> emptor ad-nauseum.
> 
> 
> Ok,  in /opt/ltsp/i386/etc/passwd
> 
> change;
> 
> root:x:0:0:root:/root:/bin/false
> 
> to;
> 
> root:x:0:0:root:/root:/bin/bash
> 
> thereby enabling root logins with no password.  8-o
> 
> 
> Then in  /opt/ltsp/i386/etc/shadow    <-- you may have to create this
> 
> create a line like ;
> 
> root:$1$heapsofunintelligblejunkinhere: blahblah:::  <--- deliberately 
> munged, don't use.
> 
> hint:  have a look at /etc/shadow  and steal a line out of there.
> 
> CHECK THE PERMISSIONS OF THESE TWO FILES.  RW for root only!  8-/  I think..
> 
> Then in  /opt/ltsp/i386/etc/inittab   add a line vis ;
> 
> 3:2345:respawn:/sbin/mingetty tty5
> 
> and then, as root,   `cp /sbin/mingetty /opt/ltsp/i386/sbin/`
> 
> and reboot the terminal and test.  Press <CTRL><ALT><F5> and you
> should get "Login:"
> 
> Login as 'root'
> 
> Have a good hack at that login prompt, and make sure it's working 
> properly.  You do NOT want
> folks in there as root.  At least make sure "root" and <enter>  (no 
> password) does not work.  8-/
> 
> ------------------------
> 
> Right, now the HDD mounting.
> 
> login to the terminal as root, then type ;
> 
> 
> # modprobe ide-disk
> # modprobe ide-mod
> # modprobe ide-probe-mod
> 
> and you should be greeted with a little splurge from the kernel about 
> the ide disks you have.
> 
> Now, on the server, you can create new directories in /opt/ltsp/i386/   
> such as /opt/ltsp/i386/var/install/win-images
> 
> and then you can do cool stuff like ;
> 
> # fdisk /dev/hda
> # mke2fs /dev/hda1
> # mkdir /tmp/hda1
> # mount /dev/hda1 -t ext2 /tmp/hda1
> 
> 
> If folks are thinking of using this as an "Install Server" then keep us 
> informed.  
> 
> I used it today to put "Peanut Linux" on a mates' P166.  It worked like 
> a dream.  heh, boot as terminal, login to terminal, fdisk, mke2fs and 
> `cp` the lot over.
> 
> Next I'd like to automate the whole thing..
> 
> 
> regards,
> Steve
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://listman.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]