Guys, awesome advice!! I will try your suggestions sometime tonight. I am backing up the virtual network at the moment and it is therefore shut down until the backup is done.
Thanks!!
Tim
On Fri, Oct 22, 2010 at 4:08 PM, Todd Denniston Todd.Denniston@tsb.cranrdte.navy.mil wrote:
Tim Dunphy wrote, On 10/22/2010 03:30 PM:
Hmm.. OK then Gordon, thanks for the input! How do these permissions grab ya?

[bluethundr@LCENT01 ~]$ ls -alh | grep .ssh
-rw------- 1 bluethundr summitnjops 70 Oct 17 14:04 .lesshst
drwx------ 2 bluethundr summitnjops 512 Oct 22 14:06 .ssh

[bluethundr@LCENT01 ~]$ ls -lah .ssh
total 34K
drwx------ 2 bluethundr summitnjops 512 Oct 22 14:06 .
drwx------ 106 bluethundr summitnjops 5.5K Oct 22 14:44 ..
-rw------- 1 bluethundr summitnjops 820 Oct 22 14:19 authorized_keys
-rw------- 1 bluethundr summitnjops 1.7K Oct 22 14:18 id_rsa
-rw-r--r-- 1 bluethundr summitnjops 403 Oct 22 14:18 id_rsa.pub
-rw-r--r-- 1 bluethundr summitnjops 20K Oct 22 14:47 known_hosts
[bluethundr@LCENT01 ~]$

An experiment for you...
Assumptions:
- NFS v3
- on the NFS server the file system is named '/exportedfilesytem'
- have root on both machines
- on the NFS client the file system is mounted such that it contains bluethundr's home directory
- root_squash is in play

On the NFS server:
MYNFSFS=/exportedfilesytem
grep $MYNFSFS /etc/exports
grep $MYNFSFS /etc/exports | grep -v no_root_squash
#if you get a line back then root on the client machine is being squashed.
man exports
#search down for root_squash

On the NFS client (virt1):
#### login as root ####
cd ~bluethundr/.ssh/
#you may have just gotten an error.
ls -lah ~bluethundr/.ssh/*
#you may have just gotten an error.
cat ~bluethundr/.ssh/authorized_keys
#you _have_ just gotten an error, and this is the one that stops you IIRC.

Suggestions:
- Consider tightening up perms on id_rsa.pub & known_hosts
- Open up the _read_ perms on authorized_keys
3a) IIRC you _may_ also have to open up the _read_ perms on ~/.ssh
3b) IIRC you _may_ also have to open up the exec perms on ~/.ssh
If you have to do one of 3a or 3b, try each individually and only give as much as you have to.

--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
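
The root_squash experiment described in the message above, as an added example that is not part of the original thread: it reports per client whether an export squashes root, then checks whether a squashed root could reach authorized_keys with the modes shown in the listing. The sample exports text, the host name admin1, the /scratch export and both function names are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example; the sample exports content and host names are constructed.
SAMPLE_EXPORTS='# constructed sample
/exportedfilesytem virt1(rw,sync) admin1(rw,no_root_squash)
/scratch *(ro)'

# root_squash_report EXPORT_PATH   (reads exports(5) text on stdin)
# Prints "<client> squashed" or "<client> not-squashed" per client.
# root_squash is the default, so only an explicit no_root_squash lifts it.
# Assumes one export per line (no backslash continuations).
root_squash_report() {
    awk -v path="$1" '
        /^[ \t]*#/ { next }
        $1 == path {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                state = "squashed"
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++)
                    if (o[j] == "no_root_squash") state = "not-squashed"
                print client, state
            }
        }'
}

# readable_by_squashed_root FILE_MODE DIR_MODE...
# A squashed root arrives as the anonymous uid, so (assuming that uid is
# neither owner nor group member) only the "other" bits apply: it needs
# r on the file and x on every directory leading to it.
readable_by_squashed_root() {
    [ $(( 0$1 & 4 )) -ne 0 ] || return 1
    shift
    for mode in "$@"; do
        [ $(( 0$mode & 1 )) -ne 0 ] || return 1
    done
    return 0
}

printf '%s\n' "$SAMPLE_EXPORTS" | root_squash_report /exportedfilesytem
# Modes from the listing above: authorized_keys 600, ~/.ssh 700, ~ 700.
if readable_by_squashed_root 600 700 700; then echo readable; else echo blocked; fi
```

To check a real server, feed it the live file: root_squash_report /exportedfilesytem < /etc/exports.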