Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!julius.cs.uiuc.edu!apple!agate!shelby!helens!news From: news@helens.Stanford.EDU (news) Newsgroups: comp.sys.sgi Subject: Re: Missing Software ? Message-ID: Date: 1 Oct 90 22:46:56 GMT References: <9009282027.AA01332@erin.jsc.nasa.gov> Organization: Stanford University Lines: 34 In-reply-to: john@ERIN.JSC.NASA.GOV's message of 28 Sep 90 20:27:08 GMT We used a remote tape drive to upgrade those systems without tape drive, and we had to modify /usr/etc/inetd.conf from: tftp dgram udp wait guest /usr/etc/tftpd tftpd -s /usr/local/boot to: tftp dgram udp wait guest /usr/etc/tftpd tftpd otherwise we will get TFTP error. Hope this mail can save you two~three days of time. GOOD LUCK!!! Be advised that if you are on the Internet, running tftpd without the "-s /usr/local/boot" option allows anyone on the Inernet (from Australia to Peoria to Germany) to access any publicly readable file on the system, including /etc/passwd. So anyone doing this may want to change inetd.conf back after the installation is done. A better solution would be to copy all the required files (whatever they may be) to a tree under /usr/local/boot. It's good to see SGI is improving the default security on their systems. A couple years ago, there was no "chroot" flag for tftpd, and the diag account (uid=0, shell=/bin/csh) didn't come with a password. Many SGI owners (at least around here) didn't bother or think one was necessary. (SGI was not alone in this. Sun's old sysdiag (uid=0, shell=sysdiag) account had even more problems since many sysadmins were under the impression that sysdiag was "secure," which it was not in the least.) Moral: if you don't know what the account does, put a password on it. Jim Helman Department of Applied Physics Durand 012 Stanford University FAX: (415) 725-3377 (jim@KAOS.stanford.edu) Work: (415) 723-9127