Entry 15129 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 15129

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/04/04 [General] UID:1000 Activity:popular

4/4

1998/12/19-20 [Computer/SW/Unix] UID:15129 Activity:moderate

12/18   in an .rhosts file how do you give access to your account for
        multiple computers on the same subdomain (like all the computers
        that end with http://cs.berkeley.edu without having the specifiy every
        computer in soda hall)
        \_ Don't be stupid.  This is painfully wrong.  Do not do this.
           Use ssh and setup an authorized keys file.
        \_ The voice of root intones, "Please read /csua/adm/doc/ssh-howto"
           \_ You feel foolish!
        \_ Setting *.cs or *.eecs in a .rhosts would be a really bad idea
           even if you could do it.  (Think about this:  I install linux
           or *BSD on my laptop, take it down to the second floor labs,
           plug it into one of the net connections there, create an account
           matching yours on my machine and login as you.  There's also
           dozens of *.cs/*.eecs computers you don't have accounts on that
           people you don't want to have access to your account have root on.
           Many students have root on many research machines.)
                \_ PS.  This is also why chmod is pointless on the EECS-inst
                   cluster.  Anyone can read any file on any NFS-exported
                   filesystem, and write any file on any filesystem exported
                   writable.  Have fun editing your final grades!  (Too bad
                   Secure NFS isn't available on HP-SUX 10.20)
                   \_ Really?  Just because they have an open net as described
                      above or is there something additionally stupid about
                      the *.cs/*.eecs setup?  -alum without *.cs to check it out
                      the *.cs/*.eecs setup?  -alum (no *.cs account)
                      \_ Because they use NFS on an open net.
                      \_ Because anyone with a UNIX laptop can create an
                         account with any UID they want and non-secure NFS
                         trusts the client to be who they say.  (If they
                         dumped the non-Solaris machines they could use
                         Secure NFS which requires a valid kerberos ticket
                         or NIS+ credentials to prove identity.)  In short -
                         NFS sucks.
        \_ If you really want to setup .rhosts to be able to rsh from any of
           your account, type '+' in your .rhosts file.
                \_ The EECS-Inst machines have cops set up to detect and
                   disable stupid rhosts.  (But it may take a week before
                   it runs and tells you how stupid you are.)

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/04/04 [General] UID:1000 Activity:popular

4/4

You may also be interested in these entries...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/9/20-11/7 [Computer/SW/Unix, Finance/Investment] UID:54482 Activity:nil

9/20    How do I change my shell? chsh says "Cannot change ID to root."
        \_ /usr/bin/chsh does not have the SUID permission set. Without
           being set, it does not successfully change a user's shell.
           Typical newbie sys admin (on soda)
           \_ Actually, it does: -rwsr-xr-x 1 root root 37552 Feb 15  2011 /usr/bin/chsh
	...

2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil

9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...

2012/3/29-6/4 [Computer/HW/Memory, Computer/HW/CPU, Computer/HW/Drives] UID:54351 Activity:nil

3/29    A friend wants a PC (no mac). She doesn't want Dell. Is there a
        good place that can custom build for you (SSD, large RAM, cheap video
        card--no game)?
        \_ As a side note: back in my Cal days more than two decades ago when
           having a 387SX made me the only person with floating-point hardware,
           most machines were custom built.
	...

2012/5/8-6/4 [Computer/SW/Unix] UID:54383 Activity:nil

5/8     Hello everyone!  This is Josh Hawn, CSUA Tech VP for Spring 2012.
        About 2 weeks ago, someone brought to my attention that our script
        to periodically merge /etc/motd.public into /etc/motd wasn't
        running.  When I looked into it, the cron daemon was running, but
        there hadn't been any root activity in the log since April 7th.  I
        looked into it for a while, but got lost in other things I was
	...

2012/1/27-3/26 [Computer/SW/Unix] UID:54299 Activity:nil

1/27    Interesting list of useful unix tools. Shout out to
        cowsay even!
        http://www.stumbleupon.com/su/3428AB/kkovacs.eu/cool-but-obscure-unix-tools
        \_ This is nice.  Thanks.
	...

2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil

2/9     Reminder: support for mail services has been deprecated for *several
        years*. Mail forwarding, specifically .forward mail forwarding, is
        officially supported and was never deprecated.
        \_ There is no .forward under ~root.  How do we mail root and how do
           we get responses?
           \_ root@csua.berkeley.edu is and always has been an alias.
	...

2011/9/14-12/28 [Computer/SW/Unix] UID:54172 Activity:nil

9/12    We've restored CSUA NFS to something vaguely resembling normal
        functionality -- plus, with some luck, we should now have something
        vaguely resembling normal uptime, too!  Ping root@csua.org if you
        notice any problems.  --jordan
--------------------------------------------------------------------------------
        \_  Oh, and http://irc.CSUA.Berkeley.EDU is online again.
	...

2011/10/26-12/6 [Computer/SW/Unix] UID:54202 Activity:nil

10/24  What's an easy way to see if say column 3 of a file matches a list of
       expressions in a file? Basically I want to combine "grep -f <file>"
       to store the patterns and awk's $3 ~ /(AAA|BBB|CCC)/ ... I realize
       I can do this with "egrep -f " and use regexp instead of strings, but
       was wondering if there was some magic way to do this.
       \_ UNIX has no magic. Make a shell script to produce the ask or egrep
	...

2011/9/14-10/25 [Computer/HW/Drives] UID:54173 Activity:nil

9/13    Thanks to Jordan, our disk server is no longer virtualized. Our long
        nightmare of poor IO performance should hopefully be over. Prepare for
        another long nightmare of poor hardware reliability!
        ...
        Just kidding! (I hope)
        In any case, this means that cooler was taken out back and shot, and
	...