/etc/ssh2/ssh2_config ForwardX11
/etc/ssh2/ssh2d_config X11Forwarding,
disable UsePrivilegeSeparation,
and set the correct sftp-server location
(sftp-server, in /usr/bin)
If rsh, ftp, et al. are to be enabled,
use at least tcp_wrappers, in /etc/inetd.conf:
ftp stream tcp6 nowait root /opt/bin/tcpd ftpd -l -u077
shell stream tcp6 nowait root /opt/bin/tcpd rshd
telnet stream tcp6 nowait root /opt/bin/tcpd telnetd -a
login stream tcp6 nowait root /opt/bin/tcpd
where
/opt/bin/tcpd is the actual TCP wrapper.
In this case, root access from some machines may be allowed via /.rhosts:
The general format is
<machine>.gsi.de root
<machine> root
This list should be restricted to an absolute minimum, for admin purposes only.
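An added example, not part of the original page: a shell audit for the two settings above. It reports ftp/shell/telnet/login entries in an inetd.conf that are not started through the wrapper, and /.rhosts entries that do not fit the two formats given. The function names, sample files and host names are constructed for illustration; /opt/bin/tcpd and gsi.de are used as defaults because the page names them.

```shell
# Added example: audit inetd.conf and /.rhosts against the rules above.

# unwrapped_services FILE [WRAPPER]
# Print each enabled ftp/shell/telnet/login entry whose server path
# (field 6) is not the TCP wrapper. Comment and blank lines are skipped.
unwrapped_services() {
    awk -v wrapper="${2:-/opt/bin/tcpd}" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 ~ /^(ftp|shell|telnet|login)$/ && $6 != wrapper { print $1 }
    ' "$1"
}

# rhosts_violations FILE [DOMAIN]
# Print each entry that is not "<machine> root" or "<machine>.DOMAIN root",
# including "+" wildcards and entries naming a user other than root.
rhosts_violations() {
    awk -v domain="${2:-gsi.de}" '
        /^[ \t]*#/ || NF == 0 { next }
        {
            host = $1; tail = "." domain
            short = (index(host, ".") == 0)
            in_dom = (length(host) > length(tail) &&
                      substr(host, length(host) - length(tail) + 1) == tail)
            if (index(host, "+") || $2 != "root" || NF != 2 || !(short || in_dom))
                print
        }
    ' "$1"
}

# Constructed sample files (paths other than the wrapper and all host names are made up).
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
ftp stream tcp6 nowait root /opt/bin/tcpd ftpd -l -u077
shell stream tcp6 nowait root /usr/sbin/rshd rshd
#telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a
login stream tcp6 nowait root /opt/bin/tcpd
EOF
    cat > "$1/rhosts" <<'EOF'
adminhost.gsi.de root
adminhost root
+ +
adminhost.gsi.de operator
outside.example.org root
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
echo "unwrapped: $(unwrapped_services "$tmp/inetd.conf")"
echo "rhosts violations:"; rhosts_violations "$tmp/rhosts"; rm -rf "$tmp"
```

On a real host, point the functions at /etc/inetd.conf and /.rhosts; empty output from both means every listed service goes through the wrapper and every trust entry is a root entry for a local or gsi.de machine.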
/opt/bin/.kshrc for
ksh customization.
/etc/profile will be executed during ksh login
and should contain
if [ -x /opt/bin/.profile ]
then
. /opt/bin/.profile
fi
to allow for local definitions at login time.
/opt/bin/.profile contains local machine specific
definitions, e.g. PATH, LIBPATH, MANPATH,
ENV,
which are set for all ksh users at login time.
export ENV=/opt/bin/.kshrc
/opt/bin/
must be world-readable and -executable.
/usr/skel/* (the default user profiles)
and /.profile's should contain something like
tty -s
if test $? = 0
then
stty dec crt
fi
to allow ksh login via desktop and non-desktop access.
The system default seems OK, check PATH definitions.