Re: CDE Without ToolTalk?

From: Rich Teer (richard.teer@rite-group.com)
Date: 09/07/02


Date: Fri, 6 Sep 2002 17:58:22 -0700 (PDT)
From: Rich Teer <richard.teer@rite-group.com>
To: cjclark@alum.mit.edu

On Thu, 5 Sep 2002, Crist J. Clark wrote:

> Does anyone have a reference on how to lock down CDE? When asked to
> "harden" a Sun server, one of the first things to do is go through
> inetd.conf and take everything out but the basics, or even better, not
> run inetd at all.

I (and many Sun sysadmins) subscribe to the school of thought
that Sun servers should be run headless - i.e., without
keyboard or monitor (and by implication, no X either). Serial
consoles should be used, preferably via some sort of serial
console server with network connectivity. That way, unless the
network is FUBARed, on the rare occasions where one needs
console access (as opposed to "just" root access), one can
do it from the comfort of their own desk, rather than a noisy
machine room.

> But the admins really don't like that since it breaks CDE. I don't

Which version of Solaris are you using? I use the following
inetd.conf on my (S8 & S9) machines, and CDE runs fine (the
only exception is that GUI root logins don't work; that doesn't
affect me enough for me to investigate further):

        rich@grover4644# cat /etc/inet/inetd.conf
        #
        # Rstatd is used by programs such as perfmeter.
        #
        rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
        #
        # Time service is used for clock synchronisation.
        #
        time stream tcp6 nowait root internal
        time dgram udp6 wait root internal

Even empty inetd.conf works for me, but I use perfmeter
and NTP, so I enable those services.

> like being stuck at the console prompt with one shell either. I
> wouldn't think it would be a lot to ask to just have a windowing
> environment so we can have multiple ttys going at once, but not have
> all of the extra network services like the dreaded ToolTalk server.

That's one reason why it's better to remotely log in as you,
and then su to root. You can ssh into the server multiple
times from your desktop running CDE, hence getting the benefits
of multiple windows, etc.

> Is there a way to get CDE going? It bails out for me once it finds it
> can't start up ToolTalk. Am I stuck going to a different windowing
> system (isn't Openwin deprecated these days?)?

Yep. Solaris 8 was the last version to support it. It's
gone in S9, apart from a few libraries to keep legacy apps
working.

HTH,

--
Rich Teer

President, Rite Online Inc.

Voice: +1 (250) 979-1638 URL: http://www.rite-online.net
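
An added example, not part of the original message: a small audit that lists the entries still enabled in an inetd.conf-style file beyond an allowlist, such as the rstatd and time services kept in the message above. The function names and the sample file contents (including the ToolTalk and dtspc lines) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inetd.conf entries that are enabled but not allowlisted.

# inetd_unexpected FILE "svc1 svc2 ..."
# Prints one "service program" line for each enabled entry whose service
# name (RPC version suffix such as "/2-4" removed) is not in the allowlist.
inetd_unexpected() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }    # commented-out and blank lines are disabled
        NF < 6 { next }                   # not a complete inetd.conf entry
        {
            svc = $1; sub(/\/.*/, "", svc)    # rstatd/2-4 -> rstatd
            key = svc " " $6                  # field 6 is the server program
            # tcp and udp lines for one service are reported once
            if (!(svc in ok) && !(key in seen)) { seen[key] = 1; print key }
        }
    ' "$1"
}

# write_sample PATH: constructed sample input, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# Rstatd is used by programs such as perfmeter.
rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
time stream tcp6 nowait root internal
time dgram udp6 wait root internal
#dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
EOF
}

# Demo: only rstatd and time are expected, so the ToolTalk RPC entry is flagged.
tmp=$(mktemp) && write_sample "$tmp"
inetd_unexpected "$tmp" "rstatd time"
rm -f "$tmp"
```

On a real host, point the function at /etc/inet/inetd.conf; empty output means nothing beyond the allowlist is enabled.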


