Date: Wed, 23 Apr 1997 09:19:27 -0500 (CDT)
From: Mark Tinguely <tinguely@plains.nodak.edu>
To: Joachim.Wunder@lrz-muenchen.de, questions@freebsd.org
Subject: Re: rdump problems [help]
Message-ID: <199704231419.JAA21409@plains.nodak.edu>

> I try dumping a just installed 2.1.7 box with another BSDi 2.1 box. Both are
> connected via NE2000 cards. telnet e.g. works perfectly. Only rsh from the BSDi
> 2.1 box only says "permission denied" when I give the following command on the
> BSDi box:
>
> rsh -l root <FreeBSD-Box> rdump <BSDi-Box>:/dev/nrst0 0fBu 10000000 /
>
> Of course I set .rhosts in /root of the <FreeBSD-Box> with:
> <BSDi-Box> root

you need to add the FreeBSD-Box root in the BSDi-Box's root .rhosts also:

  BSDi# rsh "rdump <BSDi-Box>:/dev/nrst0 0fBu 10000000 /dev/xxxx"

sends the rdump command to the FreeBSD-box;
the FreeBSD-box issues the command "rmt" to the BSDi-box to dump the
filesystem on the BSDi-box's tape drive.

I do not like setting root .rhosts like this. I would rather set rdump suid,
with a new tape group, change the group on the remote raw devices and send
commands using a special backup account. If you do this from cron (and have
clocks fairly synced), a person can make these changes right before scheduled
backups and change them back afterwards to narrow the window of vulnerability:

  chgrp remtape /sbin/rdump             # for remote machine
  chmod 4550 /sbin/rdump                # for remote machine
  chown remtape.remtape /dev/nrst0      # for local machine
  chgrp remtape /dev/rsd0a              # do also for other raw partitions
  mv ~remtape/rhost ~remtape/.rhosts    # for both machines

as remtape you can now issue rsh command(s) to backup local or remote machines.

clean up by undoing the above:

  mv ~remtape/.rhosts ~remtape/rhost    # disable the file again (inverse of the mv above)
  chgrp tty /sbin/rdump
  chmod 555 /sbin/rdump                 # (rdump's group is remtape)
  chgrp wheel /dev/rsd0a                # etc for other raw partitions
  chown root.wheel /dev/nrst0
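
An added example, not part of the original message: a POSIX sh check that can run from cron after the backup to confirm the clean-up steps above really closed the window. The function names and argument order are assumptions made for illustration; remtape, /sbin/rdump and the device paths are the ones used in the message.

```shell
#!/bin/sh
# Added example: verify the temporary backup window has been closed again.
# Function names and argument order are assumptions for illustration.

# True if FILE has the setuid bit (find -perm -4000 works on BSD and GNU find).
has_suid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# Print the group owner of FILE (4th field of ls -ld).
group_of() {
    ls -ld "$1" | awk '{ print $4 }'
}

# check_window_closed RDUMP BACKUP_HOME BACKUP_GROUP [FILE...]
# Prints one line per leftover; returns 0 when clean, 1 otherwise.
check_window_closed() {
    rdump=$1; home=$2; group=$3
    shift 3
    rc=0
    if has_suid "$rdump"; then
        echo "setuid bit still set on $rdump"
        rc=1
    fi
    if [ -e "$home/.rhosts" ]; then
        echo "active .rhosts in $home"
        rc=1
    fi
    # Any listed binary or raw device still owned by the backup group is a leftover.
    for f in "$@"; do
        if [ "$(group_of "$f")" = "$group" ]; then
            echo "$f still in group $group"
            rc=1
        fi
    done
    return "$rc"
}

# With the names from the message (run as root after the backup):
#   check_window_closed /sbin/rdump ~remtape remtape /sbin/rdump /dev/nrst0 /dev/rsd0a
if [ "$#" -ge 3 ]; then
    check_window_closed "$@"
fi
```

A non-zero exit from cron's run of this script means at least one of the temporary changes is still in place.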