Date:      Tue, 4 Nov 1997 14:00:39 CST
From:      "Robert E. Gunn" <reg@hal-pc.org>
To:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Fw: rdist Alternatives
Message-ID:  <199711042000.OAA14613@hal-pc.org>

Addressed to: Distribution list (see below)

** Reply to note from "John Brown" <jbrown@vafibre.com> Tue, 4 Nov 1997 12:53:43 -0500 
>    
> I have been working for a couple of weeks now to get rdist to work and have 
> been very unsuccessful. 
>    
> So now on to the next option. I need to duplicate my password db to my 
> secondary radius server. Are there other utilities that I can use to make 
> this happen? 
>    
> rdist info -- In case someone is interested. I started with a 2.1.x box and 
> was able to get it to transfer files from this machine to a 2.2.2 box but 
> could never get it going the other way. So being the smart individual that I 
> am I upgraded the 2.1.x box to 2.2.5 now -- well you guessed it...Now it 
> doesn't work either way. When running with the debug flag it appears to bomb 
> at the first rsh that is executed with a 'permission denied' at this point I 
> have checked everything that I can think of and am at a loss. rlogin will 
> work both ways but rsh and rcp AND rdist will not. (all die with the same 
> message 'Permission Denied'). Nothing in the messages log, NOTHING 
> AAAAAARRRRRRRGGGGGHHHH!!! 
>    
> God I Love Unix!!! ;) 
 
 
OK, here's how I did it. 
 
1) If you are running any kind of reasonable security, the remote system 
   will not allow you to remotely execute as root.  There are VERY good 
   reasons for this. 
 
2) You have to be root to read the master.password file. A small gotcha. 
 
3) I've created a pseudo user 'etc' to do the actual rcp.  It has group 
   read only access to everything in the /etc directory.  I can't find a 
   security flaw in this--but there are no guarantees. 
 
4) This process runs out of cron every 10 minutes. 

   # rcopy the /etc directory to news:/etc 
   # 960213 00:13 reg  Added rcopy at 10 minute interval 
   */10    *       *       *       *       root    /etc/rcopy 
 
5) The rcopy script is owned by root:
   -rwxr-----  1 root  wheel  1152 Feb 13  1996 rcopy*

------BEGIN rcopy 740-----------------------------------------------------
#!/bin/ksh
# rcopy, version 960212 reg@hal-pc.org 
#========================================================================
# A program to copy the /etc directory to news:/etc/etc.hal-pc.org
# Running as root, it finds the files that do not have group read
# access, chmods those files to read access, su to etc (tricky)
# rcp the /etc directory to news:/etc/etc.hal-pc.org, reverts back
# to root and chmods the files back the way they were.
#========================================================================
# Last Revised UID Modification
# 960212 01:16 reg Original rcopy
#========================================================================
#  DEBUG=true
  if [ ${DEBUG:-false} = true ];then echo "$*\n$PATH\n$PWD";sleep 2;set -xv;fi
  #trap 'echo $0: INTERRUPT;exit' INT
  #trap 'echo $0: ERROR;continue' ERR
  #trap 'echo $0: ERROR' ERR

  tmpfile=/tmp/perms.$$
  cd /etc
  find /etc ! -perm -0040 > $tmpfile

  for file in $(cat $tmpfile)
    do
    chmod g+r $file
  done

  su etc 			# suid to etc and execute rcopy.etc

  for file in $(cat $tmpfile)
    do
    chmod g-r $file
  done

  rm $tmpfile
------------END-rcopy-------------------------------------------------------

6) The second script rcopy.etc is owned by 'etc'.  It ONLY copies files
   that are newer than the date stamp on itself (the last time it ran).

   -rwxr-----  1 etc   wheel   652 Nov  4 13:40 rcopy.etc*

------BEGIN rcopy.etc 740---------------------------------------------------
#!/bin/ksh
# rcopy.etc version 960212 reg@hal-pc.org
#========================================================================
# A program to copy the /etc directory to news:/etc/hal-pc.org/
#========================================================================
# Last Revised UID Modification
# 960212 22:57 reg Changed rcp -rp to find /etc -newer
# 960212 01:27 reg Original rcopy.etc
#========================================================================
#rcp -pr /etc etc@news:/etc/hal-pc.org

find /etc -type f -newer /etc/rcopy.etc\
   -exec rcp -p {} etc@news:/etc/hal-pc.org/{} ';'

touch /etc/rcopy.etc
-------END rcopy.etc---------------------------------------------------------

7) This has been running without serious problems for over a year.
   It keeps all the copied files in a secure area (/etc/hal-pc.org/etc)
   on the target disk.  I've never felt like going back and cleaning it
   up--it works.  I think you've already discovered the nitty-gritty like
   setting up trusted hosts, ....



-- 
Robert Gunn <<Team OS/2>>|Post Office Box 27474    |Voice:+1 713 960 1588
reg@hal-pc.org           |Houston, Texas 77227-7474|Fax:  +1 713 960 9497

HAL-PC: The world's largest computer club and a lot more!

Hiroshima 45, Chernobyl 86, Windows 95

Distribution list: "John Brown" <jbrown@vafibre.com>
                   freebsd-isp@FreeBSD.ORG
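
An added example, not part of the original message or the author's scripts: the loosen, copy, restore sequence of rcopy written as a POSIX sh function that takes its list file from mktemp instead of the predictable /tmp/perms.$$ and puts permissions back when the copy command fails or the script is signalled. The names with_group_read and restore_perms are hypothetical, and mktemp(1) is assumed to be available.

```shell
#!/bin/sh
# Added example, not the original rcopy. Function names are hypothetical.

# restore_perms LIST: remove group read from every file named in LIST,
# then delete LIST.
restore_perms() {
    while IFS= read -r f; do
        chmod g-r "$f"
    done < "$1"
    rm -f "$1"
}

# with_group_read DIR CMD [ARGS...]: grant group read on the files under DIR
# that lack it, run CMD, then revoke it again. Returns CMD's exit status.
with_group_read() {
    dir=$1; shift

    # mktemp picks an unpredictable name and creates the file exclusively
    # with mode 0600, so a symlink planted in /tmp beforehand cannot
    # redirect root's write the way a fixed /tmp/perms.$$ name can.
    list=$(mktemp "${TMPDIR:-/tmp}/perms.XXXXXXXX") || return 1

    # Put permissions back if the script is interrupted mid-copy.
    trap 'restore_perms "$list"; exit 1' INT TERM HUP

    # Regular files only, one path per line (assumes no newlines in names).
    find "$dir" -type f ! -perm -0040 -print > "$list"
    while IFS= read -r f; do
        chmod g+r "$f"
    done < "$list"

    rc=0
    "$@" || rc=$?          # the copy step; the original runs "su etc" here

    restore_perms "$list"
    trap - INT TERM HUP
    return "$rc"
}

# Usage as in the message (run as root from cron):
#   with_group_read /etc su etc
```

The files are still group-readable for as long as the command runs; what changes is that the list file cannot be redirected and that a failed or interrupted copy no longer leaves them that way.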


