Administering Trusted Users and Hosts




Given that a server is going to support the "r" commands using trusted users and hosts, it is important for an administrator to be aware of which hosts and users are allowed to access the system without supplying passwords. The /etc/hosts.equiv and /etc/hosts.lpd files should not contain an entry of "+" (plus) unless required in the operating environment and protected by a firewall network configuration [CA-92]. An entry of "+" assumes all hosts to be trusted. Similarly, .rhosts files should never contain a "+ +" entry. A .rhosts file containing "+ +" will trust all users on all systems.

The "r" command daemons access a .rhosts file in a user's home directory on the server as part of the access control process. A user is able to list in this file the trusted hosts of the user's choice. This implies that the administrator is unable to exclusively control access.

The problem of how to administer users' .rhosts files has two solutions which are not difficult to implement. The most obvious solution is to have a daemon, which could be a shell script, monitoring the contents of users' .rhosts files. Any undesirable trusted hosts in these files could be removed. While this approach can work reasonably well, such monitoring can only take place periodically and leaves open the possibility that undesirable access can exist for short periods of time.

Another approach to controlling use of .rhosts files is for the administrator to disable the use of users' .rhosts files completely. The administrator creates a .rhosts directory and a file within that directory, both owned by root or the administrator. Because the user is excluded from all access to the .rhosts directory and the file within it, the user can neither delete the .rhosts directory (note that only root may unlink a directory) nor create a .rhosts file recognized by an "r" command. The administrator can then maintain exclusive control over access by means of the "r" commands through the use of the hosts.equiv file.

It is possible for an intruder to modify existing .rhosts and /etc/hosts.equiv files or to create new .rhosts files in users' home directories to allow future unauthorized access for the attacker. To guard against unauthorized modification of the files that allow trusted hosts and users to bypass authentication, an administrator may want to use a daemon which monitors the contents of .rhosts files and the contents of /etc/hosts.equiv as well. An administrator should also verify that any account with login disabled is not accessible by the trusted hosts facility.
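
The periodic monitor described above, covering both users' .rhosts files and the hosts.equiv file, could take the following form. This is an added example, not part of the original document: the function names, the approved host list, and the sample directory tree are assumptions, and the script reports undesirable entries rather than removing them.

```shell
#!/bin/sh
# Added example: flag "+" / "+ +" entries and hosts outside an approved list
# in hosts.equiv and users' .rhosts files. All names and paths are constructed.

# audit_trust_file FILE "host1 host2 ..." : one finding per line, returns 1 if any.
audit_trust_file() {
    file=$1 allowed=$2 found=0
    [ -f "$file" ] || return 0   # missing, or a root-owned .rhosts directory
    while read -r host user _rest || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        if [ "$host" = "+" ] || [ "$user" = "+" ]; then
            echo "${file}: wildcard entry: ${host}${user:+ $user}"
            found=1
            continue
        fi
        ok=0
        for a in $allowed; do
            if [ "$host" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "${file}: unapproved host: ${host}"
            found=1
        fi
    done < "$file"
    return "$found"
}

# audit_homes HOME_ROOT EQUIV_FILE "host1 host2 ..." : returns 1 on any finding.
audit_homes() {
    root=$1 equiv=$2 hosts=$3 rc=0
    audit_trust_file "$equiv" "$hosts" || rc=1
    for home in "$root"/*/; do
        audit_trust_file "${home}.rhosts" "$hosts" || rc=1
    done
    return "$rc"
}

# Constructed sample tree: bob's file trusts everyone, carol's is locked out.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/home/alice" "$t/home/bob" "$t/home/carol/.rhosts"
    printf 'trusted1.example.org\n' > "$t/hosts.equiv"
    printf 'trusted1.example.org alice\n' > "$t/home/alice/.rhosts"
    printf '+ +\nrogue.example.net bob\n' > "$t/home/bob/.rhosts"
    status=0
    audit_homes "$t/home" "$t/hosts.equiv" "trusted1.example.org" || status=$?
    rm -rf "$t"
    return "$status"
}

demo || echo "review the findings above"
```

Run from cron, the nonzero return status can drive a notification to the administrator; the interval between runs is the window in which an undesirable entry can remain in effect.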

Note that the hosts.equiv file should not be used to permit access to print service (lpd). The hosts.lpd file may be used for that purpose. An entry in the hosts.lpd file only grants access to print service while an entry in the hosts.equiv file grants access to both print service and the "r" commands.






John Barkley
Fri Oct 7 16:17:21 EDT 1994