Re: Auto login root on 3270 console ttyS0
Greetings Berry, That is the better way to go! Regards, Flint On Wed, 16 Aug 2017, van Sleeuwen, Berry wrote: Date: Wed, 16 Aug 2017 19:43:32 + From: "van Sleeuwen, Berry" <berry.vansleeu...@atos.net> Reply-To: "linux-390@vm.marist.edu" <linux-390@VM.MARIST.EDU> To: LINUX-390@VM.MARIST.EDU Subject: Re: Auto login root on 3270 console ttyS0 I think that would be a problem. Indeed these solutions will not work when the boot phase is stuck in INITRD. We have had boot problems in the past, either because of an error in /etc/fstab or because of boot disk errors. In those cases we logoff the linux machine and mount the boot disk(s) in our emergency linux guest. There we can repair the boot disk, so fix errors in /etc/fstab or run a filesystemcheck on the disks. When the disks are correct we can release these disks and have the owner attempt to boot again. Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, Berry van Sleeuwen -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rick Troth Sent: Wednesday, August 16, 2017 6:24 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Auto login root on 3270 console ttyS0 sudo nor pmrun address the issue of the "*Enter root password for maintenance, or CTL-D to continue*" prompt when the system has problems starting up. Indeed. And that prompt is driven by the INITRD phase, before /sbin/init (or SystemD) gets control and could spawn your console shell. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, Atos’ liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. On all offers and agreements under which Atos Nederland B.V. supplies goods and/or services of whatever nature, the Terms of Delivery from Atos Nederland B.V. exclusively apply. The Terms of Delivery shall be promptly submitted to you on your request. Kindest Regards, ☮ Paul Flint (802) 479-2360 Home (802) 595-9365 Cell / Based upon email reliability concerns, please send an acknowledgement in response to this note. Paul Flint 17 Averill Street Barre, VT 05641 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
I think that would be a problem. Indeed these solutions will not work when the boot phase is stuck in INITRD. We have had boot problems in the past, either because of an error in /etc/fstab or because of boot disk errors. In those cases we logoff the linux machine and mount the boot disk(s) in our emergency linux guest. There we can repair the boot disk, so fix errors in /etc/fstab or run a filesystemcheck on the disks. When the disks are correct we can release these disks and have the owner attempt to boot again. Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, Berry van Sleeuwen -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rick Troth Sent: Wednesday, August 16, 2017 6:24 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Auto login root on 3270 console ttyS0 > sudo nor pmrun address the issue of the "*Enter root password for > maintenance, or CTL-D to continue*" prompt when the system has > problems starting up. Indeed. And that prompt is driven by the INITRD phase, before /sbin/init (or SystemD) gets control and could spawn your console shell. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, Atos’ liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. On all offers and agreements under which Atos Nederland B.V. supplies goods and/or services of whatever nature, the Terms of Delivery from Atos Nederland B.V. exclusively apply. The Terms of Delivery shall be promptly submitted to you on your request.
Re: Auto login root on 3270 console ttyS0
Dear Rick, One slight embellishment... On Wed, 16 Aug 2017, Rick Troth wrote: Conflicting requirements between your security people and your business continuity people. Lock them in a room together and let them fight it out. Either sell tickets or televise (pay-per-view :^) Kindest Regards, ☮ Paul Flint (802) 479-2360 Home (802) 595-9365 Cell / Based upon email reliability concerns, please send an acknowledgement in response to this note. Paul Flint 17 Averill Street Barre, VT 05641 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
On 08/16/2017 12:04 PM, Donald Russell wrote: > Our security model does not allow sudo. Instead we use something called > pmrun which requires authentication across a network. (Don't get me started > on the pitfalls of that) PBRUN at least fits the model of "don't sign on as root - sign on as yourself and then do root as appropriate". So at 3ft they provide the same service, which I recommend. Objectively, PBRUN has the exposure that when the network is down you're stuck. (Conflicting requirements between your security people and your business continuity people. Lock them in a room together and let them fight it out.) > sudo nor pmrun address the issue of the "*Enter root password for > maintenance, or CTL-D to continue*" prompt when the system has problems > starting up. Indeed. And that prompt is driven by the INITRD phase, before /sbin/init (or SystemD) gets control and could spawn your console shell. > I've convinced our security people that the zLinux console is acceptably > protected by the "logon by" option, especially after pointing out how the > typed zLinux password is displayed, and the console is spooled. Awesome! Progress. > So, now I just want to get all this auto-login working properly. :-) Should be just a question of getting a shell spawned directly (either via inittab or from SystemD). Call or send email off-list if I can help. -- R; <>< -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
Thanks Paul, Our security model does not allow sudo. Instead we use something called pmrun which requires authentication across a network. (Don't get me started on the pitfalls of that) sudo nor pmrun address the issue of the "*Enter root password for maintenance, or CTL-D to continue*" prompt when the system has problems starting up. I've convinced our security people that the zLinux console is acceptably protected by the "logon by" option, especially after pointing out how the typed zLinux password is displayed, and the console is spooled. So, now I just want to get all this auto-login working properly. :-) Cheers, Don On Wed, Aug 16, 2017 at 05:12 Paul Flintwrote: > Greetings Donald, > > The model that many debian packages has preferred over the years is that > of a "rootless" security model. In this configuration you must log in as > a user and then "sudo" to root. In order to do this you must be in the > sudoers group or be explicitly mentioned in /etc/sudoers. If you are > explicitly cited in /etc/sudoers, then when you get to the "Enter > root password or CTL-D to continue" prompt on your way to busy box - not a > plesant or optimal situation you can enter your password and get buzy > fixing whatever broke. > > I really am very happy with this "rootless" model, it is uncommon in RHEL > and SuSE. > > Sincerely, > > Flint > > On Tue, 15 Aug 2017, Donald Russell wrote: > > > Date: Tue, 15 Aug 2017 22:17:07 + > > From: Donald Russell > > Reply-To: Linux on 390 Port > > To: LINUX-390@VM.MARIST.EDU > > Subject: Auto login root on 3270 console ttyS0 > > > > I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4 > > > > Sysadmins can LOGON BY to get to the zLinux console if necessary. > > > > How/what do I have to configure so logging onto the 3270 console gets me > > logged into root in a bash shell automatically? Similar question for > > sometimes the system has problems coming up and it's prompting for "Enter > > root password or CTL-D to continue". How can that be bypassed so it just > > goes into a bash shell logged in as root? > > > > I've searched google and see reams and reams of "autologging root is a > bad > > idea"... I say that depends I think the zVM userid/password > protecting > > access to the zLinux console is sufficient, the "bad idea" view is based > on > > a physical machine that anybody could access, that's not the case for > > ZLinux on z/VM. > > > > Thanks, > > Donald Russell > > > > > > -- > > Sent from iPhone Gmail Mobile > > > > -- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 > or visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > -- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > Kindest Regards, > > > > ☮ Paul Flint > (802) 479-2360 Home > (802) 595-9365 Cell > > / > Based upon email reliability concerns, > please send an acknowledgement in response to this note. > > Paul Flint > 17 Averill Street > Barre, VT > 05641 > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- Sent from iPhone Gmail Mobile -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
> How/what do I have to configure so logging onto the 3270 console gets me > logged into root in a bash shell automatically? Similar question for > sometimes the system has problems coming up and it's prompting for "Enter > root password or CTL-D to continue". How can that be bypassed so it just > goes into a bash shell logged in as root? Lots of discussion on security on the list, but if you're looking for nuts and bolts of how to accomplish auto login, you might find this white paper useful: https://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101634 Tracy Dean, IBM -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
Greetings Donald, The model that many debian packages has preferred over the years is that of a "rootless" security model. In this configuration you must log in as a user and then "sudo" to root. In order to do this you must be in the sudoers group or be explicitly mentioned in /etc/sudoers. If you are explicitly cited in /etc/sudoers, then when you get to the "Enter root password or CTL-D to continue" prompt on your way to busy box - not a plesant or optimal situation you can enter your password and get buzy fixing whatever broke. I really am very happy with this "rootless" model, it is uncommon in RHEL and SuSE. Sincerely, Flint On Tue, 15 Aug 2017, Donald Russell wrote: Date: Tue, 15 Aug 2017 22:17:07 + From: Donald RussellReply-To: Linux on 390 Port To: LINUX-390@VM.MARIST.EDU Subject: Auto login root on 3270 console ttyS0 I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4 Sysadmins can LOGON BY to get to the zLinux console if necessary. How/what do I have to configure so logging onto the 3270 console gets me logged into root in a bash shell automatically? Similar question for sometimes the system has problems coming up and it's prompting for "Enter root password or CTL-D to continue". How can that be bypassed so it just goes into a bash shell logged in as root? I've searched google and see reams and reams of "autologging root is a bad idea"... I say that depends I think the zVM userid/password protecting access to the zLinux console is sufficient, the "bad idea" view is based on a physical machine that anybody could access, that's not the case for ZLinux on z/VM. Thanks, Donald Russell -- Sent from iPhone Gmail Mobile -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ Kindest Regards, ☮ Paul Flint (802) 479-2360 Home (802) 595-9365 Cell / Based upon email reliability concerns, please send an acknowledgement in response to this note. Paul Flint 17 Averill Street Barre, VT 05641 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
On 16 August 2017 at 00:47, Rick Trothwrote: > > It's arguable that having to enter a password at a "login:" prompt would > actually be /less/ secure. > Indeed. It can be argued, and I did that a lot :-) A lot of the security rituals we follow were created for problems that don't exist anymore, or never existed at all. https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118 The point is that you separate authentication (show RACF your own pass phrase) and access control (whether you are allowed to do this). Add to that the fact that you log the access and annotate that with the console log of the virtual machine. This is much better than mailing lists or spreadsheets to distribute root passwords among those who need to know (and others). We used to run all guests with root automatically logged on, so those with a business need for access did not need a root password. When you know the root password, you can use it in other situations as well. To stress the point, our Linux guests did not even *have* a root password (pretty funny when the application developer brought his manager to demand the root password of the system). But security policy dictated that we had to have a root password and change it every 30 days, so we set a random root password through cron on a weekly basis :-) Rob -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
Just for reference, let me add SLES12 in this discussion too. I recently installed a SLES12 machine and there it should be configured in systemd. In systemd you don’t have the inittab. The user is to be logged on on ttyS0, so you need to ensure serial-getty@ttyS0.service is started during boot. The serial-getty services will be started automatically during boot when the devices are detected (hvc, ttyS0, ttysclp). In order to logon a user you need to create /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf with the following content: [Service] ExecStart= ExecStart=-/sbin/agetty --autologin root -s %I dumb When the service is started it will read the autologin.conf file and start the agetty program on ttyS0. I have found this in the archlinux wiki at https://wiki.archlinux.org/index.php/Getty and updated the agetty options to match the requirements for an S390 console device. Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, Berry van Sleeuwen -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mark Post Sent: Wednesday, August 16, 2017 12:27 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Auto login root on 3270 console ttyS0 >>> On 8/15/2017 at 06:17 PM, Donald Russell <russell@gmail.com> wrote: > I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM > 6.3/6.4 > > Sysadmins can LOGON BY to get to the zLinux console if necessary. > > How/what do I have to configure so logging onto the 3270 console gets > me logged into root in a bash shell automatically? For SLES11, modify /etc/inittab # Default HMC/3215/3270 console 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb and replace it with something like this: 1:012356:respawn:/bin/bash -i Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, Atos’ liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. On all offers and agreements under which Atos Nederland B.V. supplies goods and/or services of whatever nature, the Terms of Delivery from Atos Nederland B.V. exclusively apply. The Terms of Delivery shall be promptly submitted to you on your request.
Re: Auto login root on 3270 console ttyS0
Thanks Mark, and others for the suggestions. I'll check those out. Cheers, Don On Tue, Aug 15, 2017 at 15:28 Mark Postwrote: > >>> On 8/15/2017 at 06:17 PM, Donald Russell > wrote: > > I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4 > > > > Sysadmins can LOGON BY to get to the zLinux console if necessary. > > > > How/what do I have to configure so logging onto the 3270 console gets me > > logged into root in a bash shell automatically? > > For SLES11, modify /etc/inittab > # Default HMC/3215/3270 console > 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb > > and replace it with something like this: > 1:012356:respawn:/bin/bash -i > > > Mark Post > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- Sent from iPhone Gmail Mobile -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
Not that most users have it - but those with Class C have the ability to talk to all the zLinux guests via CP SEND. So in a sense it is a console just sitting there, but only those with class C can get in the room. This privilege is hopefully covered by security policy elsewhere, ensuring the right people have these privs, they are revalidated, etc etc. We used to use automation on z/VM that relied on CP SEND and the guests being logged in as root - it was a nice way to talk to all of your guests directly from z/VM and issue commands and do queries or some pd .. but we have moved away from that in favor of Linux based (ssh, etc) tools. To me - it is 'safer' to not login as root (or any id) automatically... You then disable the ability of any class C user to send an unwanted command to your guest whether on purpose or accident. Whether physical/virtual - the console is sitting there able to be accessed - so it should really be logged out and force you to provide credentials. Strictly my take on it - and it can certainly be argued that CMS guests are always logged in as root ;-)I would rather just avoid security concerns altogether unless there is real value to be had. It also helps keeping the separation between z/VM support and zLinux support crisp. Scott Rohling On Tue, Aug 15, 2017 at 3:47 PM, Rick Trothwrote: > On 8/15/2017 at 06:17 PM, Donald Russell wrote: > >> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM > 6.3/6.4 > >> > >> Sysadmins can LOGON BY to get to the zLinux console if necessary. > >> > >> How/what do I have to configure so logging onto the 3270 console gets me > >> logged into root in a bash shell automatically? > > > On 08/15/2017 06:27 PM, Mark Post wrote: > > For SLES11, modify /etc/inittab > > # Default HMC/3215/3270 console > > 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb > > > > and replace it with something like this: > > 1:012356:respawn:/bin/bash -i > > That should work. > I took it up a notch by wrapping up some proper profiling into a shell > script, which is ... > > http://www.casita.net/pub/nord/sbin/conshell > > > (And as I review it, I see that it still lacks the PATH fixup I thought > was there. Gotta fix that.) > > I always run ... > > cons:12:respawn:/sbin/conshell > > > It's arguable that having to enter a password at a "login:" prompt would > actually be /less/ secure. > > > - snip - > > All the badness you read about in the Googoo searching is because > /unattended *physical* boxes/ with a root shell "just sittin there" is > indeed a bad thing. But you're doing LOGON BY. (Any virtualization would > have some kind of control over console access, some better than others > and z/VM is particularly good.) Be prepared to explain how VM is > protecting the guests when the auditors come knockin. :-( > > Also (and apologies for being pedantic), it's not really a 3270. Linux > thinks it's talking to a 3215 (or in some cases an HMC interface). > You're in "CONMODE 3215" so VM presents ye olde typewriter to the guest. > There /is/ a 3270 driver for Linux, a whole other story. You could even > do 'TERM CONMODE 3270'. > > -- R; <>< > > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
On 8/15/2017 at 06:17 PM, Donald Russellwrote: >> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4 >> >> Sysadmins can LOGON BY to get to the zLinux console if necessary. >> >> How/what do I have to configure so logging onto the 3270 console gets me >> logged into root in a bash shell automatically? On 08/15/2017 06:27 PM, Mark Post wrote: > For SLES11, modify /etc/inittab > # Default HMC/3215/3270 console > 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb > > and replace it with something like this: > 1:012356:respawn:/bin/bash -i That should work. I took it up a notch by wrapping up some proper profiling into a shell script, which is ... http://www.casita.net/pub/nord/sbin/conshell (And as I review it, I see that it still lacks the PATH fixup I thought was there. Gotta fix that.) I always run ... cons:12:respawn:/sbin/conshell It's arguable that having to enter a password at a "login:" prompt would actually be /less/ secure. - snip - All the badness you read about in the Googoo searching is because /unattended *physical* boxes/ with a root shell "just sittin there" is indeed a bad thing. But you're doing LOGON BY. (Any virtualization would have some kind of control over console access, some better than others and z/VM is particularly good.) Be prepared to explain how VM is protecting the guests when the auditors come knockin. :-( Also (and apologies for being pedantic), it's not really a 3270. Linux thinks it's talking to a 3215 (or in some cases an HMC interface). You're in "CONMODE 3215" so VM presents ye olde typewriter to the guest. There /is/ a 3270 driver for Linux, a whole other story. You could even do 'TERM CONMODE 3270'. -- R; <>< -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Auto login root on 3270 console ttyS0
>>> On 8/15/2017 at 06:17 PM, Donald Russellwrote: > I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4 > > Sysadmins can LOGON BY to get to the zLinux console if necessary. > > How/what do I have to configure so logging onto the 3270 console gets me > logged into root in a bash shell automatically? For SLES11, modify /etc/inittab # Default HMC/3215/3270 console 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb and replace it with something like this: 1:012356:respawn:/bin/bash -i Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/