Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Paul Flint

Greetings Berry,

That is the better way to go!

Regards,

Flint

On Wed, 16 Aug 2017, van Sleeuwen, Berry wrote:


> Date: Wed, 16 Aug 2017 19:43:32 +
> From: "van Sleeuwen, Berry" <berry.vansleeu...@atos.net>
> Reply-To: "linux-390@vm.marist.edu" <linux-390@VM.MARIST.EDU>
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: Auto login root on 3270 console ttyS0
>
> I think that would be a problem. Indeed these solutions will not work when the
> boot phase is stuck in INITRD.
>
> We have had boot problems in the past, either because of an error in /etc/fstab
> or because of boot disk errors. In those cases we log off the Linux machine and
> mount the boot disk(s) in our emergency Linux guest. There we can repair the
> boot disk, so fix errors in /etc/fstab or run a filesystem check on the disks.
> When the disks are correct we can release these disks and have the owner
> attempt to boot again.
>
> Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen,
> Berry van Sleeuwen
>
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rick Troth
> Sent: Wednesday, August 16, 2017 6:24 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: Auto login root on 3270 console ttyS0
>
> > Neither sudo nor pmrun addresses the issue of the "*Enter root password for
> > maintenance, or CTL-D to continue*" prompt when the system has
> > problems starting up.
>
> Indeed.
> And that prompt is driven by the INITRD phase, before /sbin/init (or
> SystemD) gets control and could spawn your console shell.
>
> This e-mail and the documents attached are confidential and intended solely for
> the addressee; it may also be privileged. If you receive this e-mail in error,
> please notify the sender immediately and destroy it. As its integrity cannot be
> secured on the Internet, Atos’ liability cannot be triggered for the message
> content. Although the sender endeavours to maintain a computer virus-free
> network, the sender does not warrant that this transmission is virus-free and
> will not be liable for any damages resulting from any virus transmitted. On all
> offers and agreements under which Atos Nederland B.V. supplies goods and/or
> services of whatever nature, the Terms of Delivery from Atos Nederland B.V.
> exclusively apply. The Terms of Delivery shall be promptly submitted to you on
> your request.



Kindest Regards,



☮ Paul Flint
(802) 479-2360 Home
(802) 595-9365 Cell

/
Based upon email reliability concerns,
please send an acknowledgement in response to this note.

Paul Flint
17 Averill Street
Barre, VT
05641

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/


Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread van Sleeuwen, Berry
I think that would be a problem. Indeed these solutions will not work when the 
boot phase is stuck in INITRD.

We have had boot problems in the past, either because of an error in /etc/fstab
or because of boot disk errors. In those cases we log off the Linux machine and
mount the boot disk(s) in our emergency Linux guest. There we can repair the
boot disk, so fix errors in /etc/fstab or run a filesystem check on the disks.
When the disks are correct we can release these disks and have the owner
attempt to boot again.

Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen,
Berry van Sleeuwen


-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rick Troth
Sent: Wednesday, August 16, 2017 6:24 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Auto login root on 3270 console ttyS0


> Neither sudo nor pmrun addresses the issue of the "*Enter root password for
> maintenance, or CTL-D to continue*" prompt when the system has
> problems starting up.

Indeed.
And that prompt is driven by the INITRD phase, before /sbin/init (or
SystemD) gets control and could spawn your console shell.



Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Paul Flint

Dear Rick,

One slight embellishment...

On Wed, 16 Aug 2017, Rick Troth wrote:


> Conflicting requirements between your security people and your
> business continuity people. Lock them in a room together and let them
> fight it out.



Either sell tickets or televise (pay-per-view :^)


Kindest Regards,



☮ Paul Flint


Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Rick Troth
On 08/16/2017 12:04 PM, Donald Russell wrote:
> Our security model does not allow sudo. Instead we use something called
> pmrun which requires authentication across a network. (Don't get me started
> on the pitfalls of that)

PBRUN at least fits the model of "don't sign on as root - sign on as
yourself and then do root as appropriate". So at 3ft they provide
the same service, which I recommend.

Objectively, PBRUN has the exposure that when the network is down you're
stuck. (Conflicting requirements between your security people and your
business continuity people. Lock them in a room together and let them
fight it out.)


> Neither sudo nor pmrun addresses the issue of the "*Enter root password for
> maintenance, or CTL-D to continue*" prompt when the system has problems
> starting up.

Indeed.
And that prompt is driven by the INITRD phase, before /sbin/init (or
SystemD) gets control and could spawn your console shell.


> I've convinced our security people that the zLinux console is acceptably
> protected by the "logon by" option, especially after pointing out how the
> typed zLinux password is displayed, and the console is spooled.

Awesome! Progress.


> So, now I just want to get all this auto-login working properly. :-)

Should be just a question of getting a shell spawned directly (either
via inittab or from SystemD).
Call or send email off-list if I can help.

-- R; <><






Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Donald Russell
Thanks Paul,

Our security model does not allow sudo. Instead we use something called
pmrun which requires authentication across a network. (Don't get me started
on the pitfalls of that)

Neither sudo nor pmrun addresses the issue of the "*Enter root password for
maintenance, or CTL-D to continue*" prompt when the system has problems
starting up.

I've convinced our security people that the zLinux console is acceptably
protected by the "logon by" option, especially after pointing out how the
typed zLinux password is displayed, and the console is spooled.

So, now I just want to get all this auto-login working properly. :-)

Cheers,
Don



On Wed, Aug 16, 2017 at 05:12 Paul Flint  wrote:

> Greetings Donald,
>
> The model that many Debian packages have preferred over the years is that
> of a "rootless" security model.  In this configuration you must log in as
> a user and then "sudo" to root.  In order to do this you must be in the
> sudoers group or be explicitly mentioned in /etc/sudoers.  If you are
> explicitly cited in /etc/sudoers, then when you get to the "Enter
> root password or CTL-D to continue" prompt on your way to busy box - not a
> pleasant or optimal situation - you can enter your password and get busy
> fixing whatever broke.
>
> I really am very happy with this "rootless" model, it is uncommon in RHEL
> and SuSE.
>
> Sincerely,
>
> Flint
>
> On Tue, 15 Aug 2017, Donald Russell wrote:
>
> > Date: Tue, 15 Aug 2017 22:17:07 +
> > From: Donald Russell 
> > Reply-To: Linux on 390 Port 
> > To: LINUX-390@VM.MARIST.EDU
> > Subject: Auto login root on 3270 console ttyS0
> >
> > I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4
> >
> > Sysadmins can LOGON BY to get to the zLinux console if necessary.
> >
> > How/what do I have to configure so logging onto the 3270 console gets me
> > logged into root in a bash shell automatically? Similar question for
> > sometimes the system has problems coming up and it's prompting for "Enter
> > root password or CTL-D to continue". How can that be bypassed so it just
> > goes into a bash shell logged in as root?
> >
> > I've searched google and see reams and reams of "autologging root is a bad
> > idea"... I say that depends I think the zVM userid/password protecting
> > access to the zLinux console is sufficient, the "bad idea" view is based on
> > a physical machine that anybody could access, that's not the case for
> > ZLinux on z/VM.
> >
> > Thanks,
> > Donald Russell
> >
> >


Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Tracy Dean
> How/what do I have to configure so logging onto the 3270 console gets me
> logged into root in a bash shell automatically? Similar question for
> sometimes the system has problems coming up and it's prompting for "Enter
> root password or CTL-D to continue". How can that be bypassed so it just
> goes into a bash shell logged in as root?

Lots of discussion on security on the list, but if you're looking for nuts 
and bolts of how to accomplish auto login, you might find this white paper 
useful:
https://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101634

Tracy Dean, IBM




Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Paul Flint

Greetings Donald,

The model that many Debian packages have preferred over the years is that
of a "rootless" security model.  In this configuration you must log in as
a user and then "sudo" to root.  In order to do this you must be in the
sudoers group or be explicitly mentioned in /etc/sudoers.  If you are
explicitly cited in /etc/sudoers, then when you get to the "Enter
root password or CTL-D to continue" prompt on your way to busy box - not a
pleasant or optimal situation - you can enter your password and get busy
fixing whatever broke.


I really am very happy with this "rootless" model, it is uncommon in RHEL 
and SuSE.


Sincerely,

Flint

On Tue, 15 Aug 2017, Donald Russell wrote:


> Date: Tue, 15 Aug 2017 22:17:07 +
> From: Donald Russell
> Reply-To: Linux on 390 Port
> To: LINUX-390@VM.MARIST.EDU
> Subject: Auto login root on 3270 console ttyS0
>
> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4
>
> Sysadmins can LOGON BY to get to the zLinux console if necessary.
>
> How/what do I have to configure so logging onto the 3270 console gets me
> logged into root in a bash shell automatically? Similar question for
> sometimes the system has problems coming up and it's prompting for "Enter
> root password or CTL-D to continue". How can that be bypassed so it just
> goes into a bash shell logged in as root?
>
> I've searched google and see reams and reams of "autologging root is a bad
> idea"... I say that depends I think the zVM userid/password protecting
> access to the zLinux console is sufficient, the "bad idea" view is based on
> a physical machine that anybody could access, that's not the case for
> ZLinux on z/VM.
>
> Thanks,
> Donald Russell





Kindest Regards,



☮ Paul Flint


Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread Rob van der Heij
On 16 August 2017 at 00:47, Rick Troth  wrote:

>
> It's arguable that having to enter a password at a "login:" prompt would
> actually be /less/ secure.
>

Indeed. It can be argued, and I did that a lot :-)  A lot of the security
rituals we follow were created for problems that don't exist anymore, or
never existed at all.
https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118

The point is that you separate authentication (show RACF your own pass
phrase) and access control (whether you are allowed to do this). Add to
that the fact that you log the access and annotate that with the console
log of the virtual machine. This is much better than mailing lists or
spreadsheets to distribute root passwords among those who need to know (and
others).

We used to run all guests with root automatically logged on, so those with
a business need for access did not need a root password. When you know the
root password, you can use it in other situations as well. To stress the
point, our Linux guests did not even *have* a root password (pretty funny
when the application developer brought his manager to demand the root
password of the system). But security policy dictated that we had to have a
root password and change it every 30 days, so we set a random root password
through cron on a weekly basis :-)

Rob



Re: Auto login root on 3270 console ttyS0

2017-08-16 Thread van Sleeuwen, Berry
Just for reference, let me add SLES12 in this discussion too. I recently 
installed a SLES12 machine and there it should be configured in systemd.

In systemd you don’t have the inittab. The user is to be logged on on ttyS0, so 
you need to ensure serial-getty@ttyS0.service is started during boot. The 
serial-getty services will be started automatically during boot when the 
devices are detected (hvc, ttyS0, ttysclp).

In order to logon a user you need to create 
/etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf with the 
following content:

[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root -s %I dumb

When the service is started it will read the autologin.conf file and start the 
agetty program on ttyS0.

I have found this in the archlinux wiki at 
https://wiki.archlinux.org/index.php/Getty and updated the agetty options to 
match the requirements for an S390 console device.

Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen,
Berry van Sleeuwen

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mark Post
Sent: Wednesday, August 16, 2017 12:27 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Auto login root on 3270 console ttyS0

>>> On 8/15/2017 at 06:17 PM, Donald Russell <russell@gmail.com> wrote:
> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM
> 6.3/6.4
>
> Sysadmins can LOGON BY to get to the zLinux console if necessary.
>
> How/what do I have to configure so logging onto the 3270 console gets
> me logged into root in a bash shell automatically?

For SLES11, modify /etc/inittab
# Default HMC/3215/3270 console
1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb

and replace it with something like this:
1:012356:respawn:/bin/bash -i


Mark Post

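One way to check a guest for the two auto-login settings given in the message above (the systemd drop-in and the replaced /etc/inittab entry), as an added example that is not part of any poster's message. The function names and finding labels are made up for this illustration, and the sample tree is constructed from the lines quoted in the thread.

```sh
#!/bin/sh
# Added example: report console auto-login settings of the kinds shown in this
# thread. Function names and finding labels are made up for this illustration.
# Usage: audit_console_autologin [ROOT]   (ROOT defaults to /; it can also be a
# guest's disks mounted elsewhere). Returns 1 when nothing is found.

# systemd: getty unit overrides whose ExecStart hands --autologin / -a to a getty.
scan_systemd_overrides() {
    for conf in "$1"/etc/systemd/system/*getty@*.service.d/*.conf \
                "$1"/etc/systemd/system/*getty@*.service; do
        [ -f "$conf" ] || continue
        rel=${conf#"$1"}
        grep -E '^[[:space:]]*ExecStart=.*getty.*[[:space:]](--autologin[[:space:]=]|-a[[:space:]])' "$conf" |
        while IFS= read -r line; do
            printf 'systemd-autologin %s: %s\n' "$rel" "$line"
        done
    done
}

# SysV init: respawn entries that start something other than a getty
# (for example a shell), or a getty that is told to auto-login.
scan_inittab() {
    [ -f "$1/etc/inittab" ] || return 0
    awk -F: '
        /^[ \t]*#/ || NF < 4 || $3 != "respawn" { next }
        {
            # The process field may itself contain colons; rejoin it.
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            if (proc ~ /getty.*--autologin/)
                print "inittab-getty-autologin /etc/inittab: " $0
            else if (proc !~ /getty/)
                print "inittab-respawn-without-getty /etc/inittab: " $0
        }' "$1/etc/inittab"
}

audit_console_autologin() {
    root=${1:-/}
    root=${root%/}
    findings=$(scan_systemd_overrides "$root"; scan_inittab "$root")
    [ -n "$findings" ] || return 1
    printf '%s\n' "$findings"
}

# Constructed sample tree holding settings quoted in the thread; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    d=$t/etc/systemd/system/serial-getty@ttyS0.service.d
    mkdir -p "$d"
    printf '%s\n' '[Service]' 'ExecStart=' \
        'ExecStart=-/sbin/agetty --autologin root -s %I dumb' > "$d/autologin.conf"
    printf '%s\n' '# Default HMC/3215/3270 console' \
        '1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb' \
        'cons:12:respawn:/sbin/conshell' > "$t/etc/inittab"
    printf '%s\n' "$t"
}
```

A finding is a prompt for review rather than a verdict: whether an auto-logged-in console is acceptable depends on who can reach that console, which is the question the thread debates.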


Re: Auto login root on 3270 console ttyS0

2017-08-15 Thread Donald Russell
Thanks Mark, and others for the suggestions.  I'll check those out.

Cheers,
Don




On Tue, Aug 15, 2017 at 15:28 Mark Post  wrote:

> >>> On 8/15/2017 at 06:17 PM, Donald Russell 
> wrote:
> > I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4
> >
> > Sysadmins can LOGON BY to get to the zLinux console if necessary.
> >
> > How/what do I have to configure so logging onto the 3270 console gets me
> > logged into root in a bash shell automatically?
>
> For SLES11, modify /etc/inittab
> # Default HMC/3215/3270 console
> 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb
>
> and replace it with something like this:
> 1:012356:respawn:/bin/bash -i
>
>
> Mark Post
>


Re: Auto login root on 3270 console ttyS0

2017-08-15 Thread Scott Rohling
Not that most users have it - but those with Class C have the ability to
talk to all the zLinux guests via CP SEND. So in a sense it is a console
just sitting there, but only those with class C can get in the room.
This privilege is hopefully covered by security policy elsewhere, ensuring
the right people have these privs, they are revalidated, etc etc. We
used to use automation on z/VM that relied on CP SEND and the guests being
logged in as root - it was a nice way to talk to all of your guests
directly from z/VM and issue commands and do queries or some pd .. but we
have moved away from that in favor of Linux based (ssh, etc) tools.

To me - it is 'safer' to not login as root (or any id) automatically...
You then disable the ability of any class C user to send an unwanted
command to your guest whether on purpose or accident. Whether
physical/virtual - the console is sitting there able to be accessed - so it
should really be logged out and force you to provide credentials.

Strictly my take on it - and it can certainly be argued that CMS
guests are always logged in as root ;-) I would rather just avoid
security concerns altogether unless there is real value to be had. It
also helps keeping the separation between z/VM support and zLinux support
crisp.

Scott Rohling

On Tue, Aug 15, 2017 at 3:47 PM, Rick Troth  wrote:

> On 8/15/2017 at 06:17 PM, Donald Russell  wrote:
> >> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM
> 6.3/6.4
> >>
> >> Sysadmins can LOGON BY to get to the zLinux console if necessary.
> >>
> >> How/what do I have to configure so logging onto the 3270 console gets me
> >> logged into root in a bash shell automatically?
>
>
> On 08/15/2017 06:27 PM, Mark Post wrote:
> > For SLES11, modify /etc/inittab
> > # Default HMC/3215/3270 console
> > 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb
> >
> > and replace it with something like this:
> > 1:012356:respawn:/bin/bash -i
>
> That should work.
> I took it up a notch by wrapping up some proper profiling into a shell
> script, which is ...
>
> http://www.casita.net/pub/nord/sbin/conshell
>
>
> (And as I review it, I see that it still lacks the PATH fixup I thought
> was there. Gotta fix that.)
>
> I always run ...
>
> cons:12:respawn:/sbin/conshell
>
>
> It's arguable that having to enter a password at a "login:" prompt would
> actually be /less/ secure.
>
>
> - snip -
>
> All the badness you read about in the Googoo searching is because
> /unattended *physical* boxes/ with a root shell "just sittin there" is
> indeed a bad thing. But you're doing LOGON BY. (Any virtualization would
> have some kind of control over console access, some better than others
> and z/VM is particularly good.) Be prepared to explain how VM is
> protecting the guests when the auditors come knockin.   :-(
>
> Also (and apologies for being pedantic), it's not really a 3270. Linux
> thinks it's talking to a 3215 (or in some cases an HMC interface).
> You're in "CONMODE 3215" so VM presents ye olde typewriter to the guest.
> There /is/ a 3270 driver for Linux, a whole other story. You could even
> do 'TERM CONMODE 3270'.
>
> -- R; <><
>
>
>
>



Re: Auto login root on 3270 console ttyS0

2017-08-15 Thread Rick Troth
On 8/15/2017 at 06:17 PM, Donald Russell  wrote:
>> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4
>>
>> Sysadmins can LOGON BY to get to the zLinux console if necessary.
>>
>> How/what do I have to configure so logging onto the 3270 console gets me
>> logged into root in a bash shell automatically?


On 08/15/2017 06:27 PM, Mark Post wrote:
> For SLES11, modify /etc/inittab
> # Default HMC/3215/3270 console
> 1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb
>
> and replace it with something like this:
> 1:012356:respawn:/bin/bash -i

That should work.
I took it up a notch by wrapping up some proper profiling into a shell
script, which is ...

http://www.casita.net/pub/nord/sbin/conshell


(And as I review it, I see that it still lacks the PATH fixup I thought
was there. Gotta fix that.)

I always run ...

cons:12:respawn:/sbin/conshell


It's arguable that having to enter a password at a "login:" prompt would
actually be /less/ secure.


- snip -

All the badness you read about in the Googoo searching is because
/unattended *physical* boxes/ with a root shell "just sittin there" is
indeed a bad thing. But you're doing LOGON BY. (Any virtualization would
have some kind of control over console access, some better than others
and z/VM is particularly good.) Be prepared to explain how VM is
protecting the guests when the auditors come knockin.   :-(

Also (and apologies for being pedantic), it's not really a 3270. Linux
thinks it's talking to a 3215 (or in some cases an HMC interface).
You're in "CONMODE 3215" so VM presents ye olde typewriter to the guest.
There /is/ a 3270 driver for Linux, a whole other story. You could even
do 'TERM CONMODE 3270'.

-- R; <><






Re: Auto login root on 3270 console ttyS0

2017-08-15 Thread Mark Post
>>> On 8/15/2017 at 06:17 PM, Donald Russell  wrote: 
> I run a SLES 11 (for emergency recovery) and RHEL 7 system on zVM 6.3/6.4
> 
> Sysadmins can LOGON BY to get to the zLinux console if necessary.
> 
> How/what do I have to configure so logging onto the 3270 console gets me
> logged into root in a bash shell automatically?

For SLES11, modify /etc/inittab
# Default HMC/3215/3270 console
1:2345:respawn:/sbin/ttyrun ttyS0 /sbin/mingetty --noclear %t dumb

and replace it with something like this:
1:012356:respawn:/bin/bash -i


Mark Post
