/etc/ssh2/ssh2_config ForwardX11
/etc/ssh2/ssh2d_config X11Forwarding,
disable UsePrivilegeSeparation,
and set the correct sftp-server location
(sftp-server, in /usr/bin)
rsh, ftp, et al, are to be enabled,
use at least tcp_wrappers, in /etc/inetd.conf:
ftp stream tcp6 nowait root /opt/bin/tcpd ftpd -l -u077 shell stream tcp6 nowait root /opt/bin/tcpd rshd telnet stream tcp6 nowait root /opt/bin/tcpd telnetd -a login stream tcp6 nowait root /opt/bin/tcpdwhere
/opt/bin/tcpd is the actual TCP wrapper.
In this case, root access from some machines may be allowed via /.rhosts:
The general format is
<machine><domain> root <machine> rootThis list should be restricted to an absolute minimum, for admin purposes only.
/opt/bin/.kshrc for
ksh customization,
example.
/etc/profile will be executed during ksh login
and should contain
umask 022 # u=rwx,g=r,o=r if [ -x /opt/bin/.profile ] then . /opt/bin/.profile fito allow for local definitions at login time.
/opt/bin/.profile contains local machine specific
definitions, e.g. PATH, LD_LIBRARY_PATH, MANPATH,
ENV,
which are set for all ksh users at login time.
export ENV=/opt/bin/.kshrc export PATH=...../usr/bin/mtools:$PATH
/opt/bin/
must be world-readable and -executable.
/etc/.new..profile,/etc/.proto..profile (the default user profile)
and /.profile's should contain sth like
if [ ! "$DT" ]; then
stty dec
tset -I -Q
fi
to allow ksh login via desktop and non-desktop access.
The system default seems OK.
/opt/bin/.kshrc for
ksh customization,
example.
/etc/profile will be executed during ksh login
and should contain
if [ -x /opt/bin/.profile ] then . /opt/bin/.profile fito allow for local definitions at login time.
/opt/bin/.profile contains local machine specific
definitions, e.g. PATH, LD_LIBRARY_PATH, MANPATH,
ENV=/opt/bin/.kshrc,
which are set for all ksh users at login time,
example.
/opt/bin/
must be world-readable and -executable and the default login shell
in /etc/passwd must be /bin/ksh.