Date: Wed, 23 Apr 1997 09:19:27 -0500 (CDT) From: Mark Tinguely <tinguely@plains.nodak.edu> To: Joachim.Wunder@lrz-muenchen.de, questions@freebsd.org Subject: Re: rdump problems [help] Message-ID: <199704231419.JAA21409@plains.nodak.edu>
next in thread | raw e-mail | index | archive | help
> I try dumping a just installed 2.1.7 box with another BSDi 2.1 box. Both are
> connected via NE2000 cards. telnet e.g. works perfectly. Only rsh from the BSDi
> 2.1 box only says "permission denied" when I give the following command on the
> BSDi box:
>
> rsh -l root <FreeBSD-Box> rdump <BSDi-Box>:/dev/nrst0 0fBu 10000000 /
>
> Of course I set .rhosts in /root of the <FreeBSD-Box> with:
> <BSDi-Box> root
you need to add the FreeBSD-Box root in the BSDi-Box's root .rhost also:
BSDi# rsh "rdump <BSDi-Box>:/dev/nrst0 0fBu 10000000 /dev/xxxx"
sends the rdump command to the FreeBSD-box the FreeBSD-box issues
the command "rmt" to the BSDi-box to dump the filesystem on the
BSDi-box's tape drive.
I do not like setting root .rhosts like this. I would rather set rdump
suid, with a new tape group, change the group on the remote raw devices
and send commands using a special backup account.
If you do this from cron (and have clocks fairly synced), a person can make
these changes right before scheduled backups and change them back afterwards
to narrow the window of vunerability
chgrp remtape /sbin/rdump # for remote machine
chmod 4550 /sbin/rdump # for remote machine
chown remtape.remtape /dev/nrst0 # for local machine
chgrp remtape /dev/rsd0a # do also for other raw partitions
mv ~remtape/rhost ~remtape/.rhosts # for both machines
as remtape you can now issue rsh command(s) to backup local or remote machines
clean up by undoing the above:
mv ~remtape/.rhost ~remtape/rhosts
chgrp tty /sbin/rdump
chmod 555 /sbin/rdump # (rdump's group is remtape)
chgrp wheel /dev/rsd0a # etc for other raw partitions
chown root.wheel /dev/nrst0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704231419.JAA21409>