David,
Thanks for your reply and suggestions. I still have a problem. Here's what I
did:
Changed root entry in /opt/ltsp/i386/etc/passwd to

    root:x:0:0:root:/tmp/.roothome/:/bin/bash

Inserted into /opt/ltsp/i386/etc/rc.sysinit as follows:

    echo "Creating ramdisk on /tmp"
    RAMDISK_SIZE=${RAMDISK_SIZE:-"1024"}
    /sbin/mke2fs -q -m0 /dev/ram1 ${RAMDISK_SIZE}
    /bin/mount -n /dev/ram1 /tmp
    mkdir /tmp/.roothome
    chmod 700 /tmp/.roothome
    mkdir /tmp/.roothome/.ssh
    chmod 755 /tmp/.roothome/.ssh
    #chmod 1777 /tmp

To keep things simple, I'm only using host based authentication. After
rebooting the client with the above, I have no trouble doing an ssh as a
user from server to client. However, if I uncomment the "chmod 1777 /tmp"
line and reboot the client, then when trying to ssh as a user from server to
client, I get a "Connection refused" error. It's interesting that this
fails, but I can ssh as a user from client to server without problem.
I'm hoping you can see what I'm doing wrong. I wasn't sure what you meant in
your suggestion by "you can move the ssh files".
Thanks,
John
-------
John L Bartelt
[EMAIL PROTECTED]
-----Original Message-----
From: David Johnston [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 17, 2005 3:17 AM
To: John L Bartelt
Subject: Re: [Ltsp-discuss] Local apps, ssh, /tmp permissions?
On Mon, 2005-05-16 at 22:34, John L Bartelt wrote:
> I'm setting up a diskless, thin client computing cluster using LTSP
> local apps and LAM/MPI. LAM wants password-free ssh access, so I set
> up the authorization keys and can do remote commands using ssh without
> difficulty.
> The problem comes when some of the LAM tools and/or local apps want to
> write to /tmp. In the current configuration (I'm using K12LTSP 4.2.1)
> /tmp is read-only for the user. If I chmod it to read-write for the
> user in rc.sysinit, ssh is unhappy and won't connect.
>
> In the early days of LTSP, I did this via rsh, .rhosts, etc, but these
> days this is discouraged in favor of ssh for security reasons.
>
> Is it possible to configure ssh to ignore or accept user read-write
> permissions on /tmp?
Not that I know of, and for good reasons. However, you can move the root
user's home directory by changing /opt/ltsp/i386/etc/passwd. If you do
that, you can move the ssh files (eg, /tmp/.roothome). Then you can do
"chmod 1777 /tmp" and "chmod 0700 /tmp/.roothome" in
/opt/ltsp/i386/etc/rc.sysinit and everyone will be happy.
--
David Johnston <[EMAIL PROTECTED]>
Little Bald Consulting, LLC
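
An added example, not part of the original thread: a shell audit of the layout discussed above, checking that a shared /tmp carries the sticky bit and that the relocated home and its .ssh directory pass the kind of ownership and write-permission test that sshd's StrictModes applies. The function names are hypothetical, GNU stat is assumed, and the demo tree is constructed in a temporary directory rather than the real /tmp.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumption: GNU stat (stat -c).

# mode_of PATH -> octal permission bits, e.g. 1777 or 700
mode_of() { stat -c '%a' "$1"; }

# writable_by_others PATH -> success if the group or world write bit is set
writable_by_others() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -ne 0 ]
}

# check_shared_tmp DIR: a world-writable directory should carry the sticky bit
check_shared_tmp() {
    m=$(mode_of "$1") || return 2
    if [ $(( 0$m & 0002 )) -ne 0 ] && [ $(( 0$m & 01000 )) -eq 0 ]; then
        echo "NOSTICKY $1 mode=$m"; return 1
    fi
    return 0
}

# check_ssh_home HOME_DIR EXPECTED_UID
# Prints one line per problem; returns 0 only if nothing was found.
check_ssh_home() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh"; do
        if [ ! -d "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        owner=$(stat -c '%u' "$p")
        # Accept directories owned by the account itself or by root (uid 0)
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER $p uid=$owner"; rc=1
        fi
        if writable_by_others "$p"; then
            echo "WRITABLE $p mode=$(mode_of "$p")"; rc=1
        fi
    done
    return $rc
}

# Constructed demo tree mirroring the thread's layout (not the real /tmp)
demo=$(mktemp -d)
mkdir -p "$demo/.roothome/.ssh"
chmod 1777 "$demo"; chmod 700 "$demo/.roothome"; chmod 755 "$demo/.roothome/.ssh"
check_shared_tmp "$demo" && check_ssh_home "$demo/.roothome" "$(id -u)" \
    && echo "layout OK"
rm -rf "$demo"
```

On an LTSP client the equivalent calls would be `check_shared_tmp /tmp` and `check_ssh_home /tmp/.roothome 0`, run as root after rc.sysinit has finished.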