Charles wrote regarding 'Re: [EE] Opening up rsh on linux' on Mon, Nov
14 at 16:06:
> I'm not sure a double "+" is supported on all platforms.
> 
> How about opening it up to all machines but only allowing one
> special non-root user?
> 
> + rshuser
> 
> Then have the users specify the special user on their command line:
> rsh -l rshuser somehost somecmd

In addition to that, it'd be a decent idea to run in.rshd with the -l
argument, so it doesn't check specific users' .rhosts file.  One less
place for things to go wrong, you know?  Edit /etc/inetd.conf (I think
RH 7.3 still used inetd rather than xinetd) for that...

Presumably you checked to ensure that /etc/hosts.equiv is mode 0600
and root:root?

BTW, "alias somehost 'rsh -l someuser somehost'" would potentially be
handy, and setting someuser's homedir to be owned by root + not
writable (only readable) by someuser would be a decent way to keep
users from screwing up the sandbox account. :)

--Danny
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist