NAME
utrcmd, in.utrcmdd - Sun Ray enterprise appliance remote
administration
SYNOPSIS
/opt/SUNWut/lib/utrcmd [ -n ] hostname command [ args ]
DESCRIPTION
The utrcmd program provides a way to run Sun Ray
administrative commands remotely. The utrcmd program
contacts the in.utrcmdd daemon on the remote hostname and
executes the specified command with the specified arguments
args (if any).
utrcmd copies its standard input to the remote command, the
standard output of the remote command to its standard
output, and the standard error of the remote command to its
standard error. Interrupt, quit, and terminate signals are
propagated to the remote command; utrcmd normally terminates
when the remote command does.
OPTIONS
The following option is supported.
-n Redirect the input of utrcmd to /dev/null. You
sometimes need this option to avoid unfortunate
interactions between utrcmd and the shell which invokes it.
For example, if you are running utrcmd and invoke a
utrcmd in the background without redirecting its input
away from the terminal, it will block even if no reads
are posted by the remote command. The -n option will
prevent this.
USAGE
Hostnames are given in the hosts database, which may be
contained in the /etc/hosts file, the Internet domain name
database, or both. Each host has one official name (the
first name in the database entry) and optionally one or more
nicknames. Official hostnames or nicknames may be given as
hostname.
The utrcmd and in.utrcmdd programs use the Sun Ray failover
group configuration to perform a set of checks before
allowing the command to proceed.
The program utrcmd runs with set-user-ID permission for root
or superuser. However, it will only proceed if all of the
following are true (on the initiating system):
o The user's real user-ID is superuser, or the user has
membership rights in the utadmin group.
o The auth.props file is owned by superuser and is not
writable by anyone other than superuser.
o The gmSignatureFile property of auth.props specifies a
group signature file.
o The group signature file exists and is owned by
superuser and is not readable, writable, or executable
by anyone other than superuser.
o The group signature file is at least 8 bytes long and
has similar content diversity characteristics as
required by passwd(1).
o The "utrcmd/tcp" service is enabled.
The in.utrcmdd program will accept the connection only if
all of the following are true (on the remote system):
o The "utrcmd/tcp" service is enabled and matches the
configuration on the initiating system.
o The in.utrcmdd program is enabled in /etc/inetd.conf.
o The utadmin group is configured on the system.
o The auth.props file is owned by superuser and is not
writable by anyone other than superuser.
o The gmSignatureFile property of auth.props specifies a
group signature file.
o The group signature file exists and is owned by
superuser and is not readable, writable, or executable
by anyone other than superuser.
o The group signature file is at least 8 bytes long and
has similar content diversity characteristics as
required by passwd(1).
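The file checks in the two lists above can be audited on each host before relying on utrcmd. The script below is an added example, not part of the original manual page or of the Sun Ray software; its function names are hypothetical, it assumes auth.props holds "key = value" lines, and it does not test the passwd(1)-style content diversity rule.

```shell
#!/bin/sh
# Added example: audit the documented auth.props and group signature file checks.
# Assumption: auth.props holds "key = value" lines.

# Print "<mode-string> <numeric-uid>" for a path; prints nothing if it is missing.
mode_uid() {
    ls -lnd "$1" 2>/dev/null | awk '{ print $1, $3 }'
}

# auth.props rule: owned by uid $2 and not writable by group or other.
owner_only_writable() {
    mu=$(mode_uid "$1")
    [ -n "$mu" ] && [ "${mu#* }" = "$2" ] || return 1
    case ${mu% *} in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Signature file rule: owned by uid $2 with no group or other bits at all.
owner_private() {
    mu=$(mode_uid "$1")
    [ -n "$mu" ] && [ "${mu#* }" = "$2" ] || return 1
    case ${mu% *} in
        ????------*) return 0 ;;
    esac
    return 1
}

# Value of the gmSignatureFile property (takes the last definition found).
sig_file_path() {
    sed -n 's/^[[:space:]]*gmSignatureFile[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Returns 0 if every check passes, else 1-4 for the first check that failed.
# $1 = auth.props path, $2 = expected owner uid (0 = superuser).
check_utrcmd_files() {
    props=${1:-/etc/opt/SUNWut/auth.props}
    owner=${2:-0}
    owner_only_writable "$props" "$owner" || { echo "FAIL: $props owner or mode"; return 1; }
    sig=$(sig_file_path "$props")
    [ -n "$sig" ] || { echo "FAIL: gmSignatureFile not set in $props"; return 2; }
    owner_private "$sig" "$owner" || { echo "FAIL: $sig not private to owner"; return 3; }
    size=$(wc -c < "$sig" | tr -d ' ')
    [ "$size" -ge 8 ] || { echo "FAIL: $sig shorter than 8 bytes"; return 4; }
    echo "OK: $props and $sig pass (content diversity not checked)"
}
```

Source the file and call check_utrcmd_files as superuser on both the initiating and the remote system; with no arguments it reads /etc/opt/SUNWut/auth.props and expects uid 0.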
If the connection is accepted, the utrcmd program begins a
challenge-response handshake with the in.utrcmdd program,
using the contents of the group signature file to sign
messages (without revealing the contents of the signature
file). Either utrcmd or in.utrcmdd will reject the
transaction if the handshake fails. Specifically, the
command will not be run if the contents of the group
signature files on the two systems differ.
Finally, in.utrcmdd will reject the command if it is not
in its preconfigured set of allowed commands or if the
command or args contain disallowed characters (such as
'[;`]'), which may cause a security problem while the
command is interpreted. Commands always run in group
utadmin.
The configured commands (and the user they run as) are:
Command                       User
/opt/SUNWut/sbin/utpolicy     root
/opt/SUNWut/sbin/utfwadm      root
/usr/sbin/dhtadm              root
/usr/sbin/pntadm              root
EXAMPLES
Example 1: To list the configured token readers on a remote
host remhost use:
utrcmd remhost /opt/SUNWut/sbin/utpolicy -t list
FILES
/etc/hosts
Internet host table
/etc/group
Group file
/etc/inet/services
Internet services table
/etc/inetd.conf
Internet services daemon configuration table
/etc/opt/SUNWut/auth.props
Sun Ray authentication properties file
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE                ATTRIBUTE VALUE
Availability                  SUNWuto
SEE ALSO
utauthd(1M), inetd(1M), group(4), auth.props(4), hosts(4),
nsswitch(4), passwd(1), rsh(1), attributes(5)
NOTES
utrcmd works in a manner similar to rsh(1). However, it
imposes multiple restrictions to maintain system security.