Date: Tue, 4 Nov 1997 14:00:39 CST
From: "Robert E. Gunn" <reg@hal-pc.org>
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Fw: rdist Alternatives
Message-ID: <199711042000.OAA14613@hal-pc.org>
Addressed to: Distribution list (see below)
** Reply to note from "John Brown" <jbrown@vafibre.com> Tue, 4 Nov 1997 12:53:43 -0500
>
> I have been working for a couple of weeks now to get rdist to work and have
> been very unsuccessful.
>
> So now on to the next option. I need to duplicate my password db to my
> secondary radius server. Are there other utilities that I can use to make
> this happen?
>
> rdist info -- In case someone is interested. I started with a 2.1.x box and
> was able to get it to transfer files from this machine to a 2.2.2 box but
> could never get it going the other way. So being the smart individual that I
> am I upgraded the 2.1.x box to 2.2.5 now -- well you guessed it...Now it
> doesn't work either way. When running with the debug flag it appears to bomb
> at the first rsh that is executed with a 'permission denied' at this point I
> have checked everything that I can think of and am at a loss. rlogin will
> work both ways but rsh and rcp AND rdist will not. (all die with the same
> message 'Permission Denied'). Nothing in the messages log, NOTHING
> AAAAAARRRRRRRGGGGGHHHH!!!
>
> God I Love Unix!!! ;)
OK, here's how I did it.
1) If you are running any kind of reasonable security, the remote system
will not allow you to remotely execute as root. There are VERY good
reasons for this.
2) You have to be root to read the master.password file. A small gotcha.
3) I've created a pseudo user 'etc' to do the actual rcp. It has group
read only access to everything in the /etc directory. I can't find a
security flaw in this--but there are no guarantees.
4) This process runs out of cron every 10 minutes.
# rcopy the /etc directory to news:/etc
# 960213 00:13 reg Added rcopy at 10 minute interval
*/10 * * * * root /etc/rcopy
5) The rcopy script is owned by root:
-rwxr----- 1 root wheel 1152 Feb 13 1996 rcopy*
------BEGIN rcopy 740-----------------------------------------------------
#!/bin/ksh
# rcopy, version 960212 reg@hal-pc.org
#========================================================================
# A program to copy the /etc directory to news:/etc/etc.hal-pc.org
# Running as root, it finds the files that do not have group read
# access, chmods those files to read access, su to etc (tricky)
# rcp the /etc directory to news:/etc/etc.hal-pc.org, reverts back
# to root and chmods the files back the way they were.
#========================================================================
# Last Revised UID Modification
# 960212 01:16 reg Original rcopy
#========================================================================
# DEBUG=true
if [ ${DEBUG:-false} = true ];then echo "$*\n$PATH\n$PWD";sleep 2;set -xv;fi
#trap 'echo $0: INTERRUPT;exit' INT
#trap 'echo $0: ERROR;continue' ERR
#trap 'echo $0: ERROR' ERR
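# mktemp creates the file itself with a random suffix; a fixed name such as
# /tmp/perms.$$ can be pre-created by another local user before root writes to it
tmpfile=$(mktemp /tmp/perms.XXXXXX) || exit 1
cd /etc || exit 1
find /etc ! -perm -0040 > "$tmpfile"
while IFS= read -r file   # one name per line, so names with spaces survive
do
  chmod g+r "$file"
done < "$tmpfile"
su etc # suid to etc and execute rcopy.etc
while IFS= read -r file
do
  chmod g-r "$file"
done < "$tmpfile"
rm "$tmpfile"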
------------END-rcopy-------------------------------------------------------
6) The second script rcopy.etc is owned by 'etc'. It ONLY copies files
that are newer than the date stamp on itself (the last time it ran).
-rwxr----- 1 etc wheel 652 Nov 4 13:40 rcopy.etc*
------BEGIN rcopy.etc 740---------------------------------------------------
#!/bin/ksh
# rcopy.etc version 960212 reg@hal-pc.org
#========================================================================
# A program to copy the /etc directory to news:/etc/hal-pc.org/
#========================================================================
# Last Revised UID Modification
# 960212 22:57 reg Changed rcp -rp to find /etc -newer
# 960212 01:27 reg Original rcopy.etc
#========================================================================
#rcp -pr /etc etc@news:/etc/hal-pc.org
find /etc -type f -newer /etc/rcopy.etc \
     -exec rcp -p {} etc@news:/etc/hal-pc.org/{} ';'
touch /etc/rcopy.etc
-------END rcopy.etc---------------------------------------------------------
7) This has been running without serious problems for over a year.
It keeps all the copied files in a secure area (/etc/hal-pc.org/etc)
on the target disk. I've never felt like going back and cleaning it
up--it works. I think you've already discovered the nitty-gritty like
setting up trusted hosts, ....
--
Robert Gunn <<Team OS/2>>|Post Office Box 27474 |Voice:+1 713 960 1588
reg@hal-pc.org |Houston, Texas 77227-7474|Fax: +1 713 960 9497
HAL-PC: The world's largest computer club and a lot more!
Hiroshima 45, Chernobyl 86, Windows 95
Distribution list: "John Brown" <jbrown@vafibre.com>
freebsd-isp@FreeBSD.ORG
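
An added example, not part of Robert Gunn's message: the rcopy pattern above (grant group read, run the copy, revoke) leaves files group-readable if the script dies between its two chmod loops. This sketch revokes the bit from an EXIT trap instead; the function names `with_group_read` and `mode_of`, and the restriction to regular files, are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original message).
# with_group_read DIR CMD [ARGS...]
#   Grants group read on regular files under DIR that lack it, runs CMD,
#   and revokes the bit again on every exit path. Function names are
#   hypothetical; file names containing newlines are not handled.

# Print the ten-character mode string of a file, e.g. -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

with_group_read() (
    dir=$1
    shift
    # mktemp creates the list file itself, mode 0600, with a random suffix
    list=$(mktemp "${TMPDIR:-/tmp}/perms.XXXXXX") || exit 1

    restore() {
        while IFS= read -r f; do
            chmod g-r "$f"
        done < "$list"
        rm -f "$list"
    }
    # The body runs in a subshell, so EXIT fires when CMD finishes or fails;
    # signals are turned into a normal exit so the same trap runs.
    trap restore EXIT
    trap 'exit 130' HUP INT TERM

    find "$dir" -type f ! -perm -0040 > "$list"
    while IFS= read -r f; do
        chmod g+r "$f"
    done < "$list"

    "$@"
    exit "$?"   # hand CMD's exit status back to the caller
)

# Usage from a root cron job, with a copy command of your own:
#   with_group_read /etc your-copy-command
```

The exit status of the wrapped command is passed through, so cron mail or a calling script can still tell whether the copy failed.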
