I use rdist regularly to manage a rack full of systems' configuration files. FreeBSD 5 doesn't include the stock rdist anymore, so I'm migrating my processes to use the rdist6 port. However, it seems that if you run rdist6 as root, it ignores the -P /usr/bin/ssh flag an tries to use rcmd directly, which fails since my target systems do not have that service running. It works fine with ssh when running as non-root. Here's the relevant difference in output from a run as root vs. a run as myself with the same arguments: "rdist6 -D -P /usr/bin/ssh -c /tmp/ update5 bkp-prv:" run as me: lorax: [readchild(bkp-prv, 20647, 3) got 289 bytes] bkp-prv: doarrow(80a9220, bkp-prv, 0) start bkp-prv: makeconn(bkp-prv) bkp-prv: updating host bkp-prv bkp-prv: Created notify temp file '/tmp//rdistx7HyCS' bkp-prv: local user = vivek remote user = vivek bkp-prv: Remote command = 'rdistd -S' bkp-prv: Remote shell command = '/usr/bin/ssh' lorax: [readchild(bkp-prv, 20647, 3) write done] lorax: readchild(bkp-prv, 20647, 3) done: amt = -1 errno = 35 lorax: waitup() end run as root: lorax: [readchild(bkp-prv, 59981, 3) got 293 bytes] bkp-prv: doarrow(80a9250, bkp-prv, 0) start bkp-prv: makeconn(bkp-prv) bkp-prv: updating host bkp-prv bkp-prv: Created notify temp file '/tmp//rdistu9PVSb' bkp-prv: local user = root remote user = root bkp-prv: Remote command = 'rdistd -S' bkp-prv: I am root, using rsh, therefore direct rcmd lorax: [readchild(bkp-prv, 59981, 3) write done] lorax: readchild(bkp-prv, 59981, 3) done: amt = -1 errno = 35 lorax: waitup() end the root run then never finishes since the remote command never actually runs. ssh as root works just fine otherwise, and also with the rdist from FreeBSD 4 as root. rdist6 -V: Version 6.1.5 (RELEASE) - Protocol Version 6, Release 6.1, Patch level 5 Is there something I'm missing? I don't see anything in the man page indicating that root can't run rdist6 with -P flag. Vivek Khera, Ph.D. +1-301-869-4449 x806
Vivek Khera <vivek@khera.org> writes:> FreeBSD 5 doesn't include the stock rdist anymore, so I'm migrating my > processes to use the rdist6 port. However, it seems that if you run > rdist6 as root, it ignores the -P /usr/bin/ssh flag an tries to use > rcmd directly, which fails since my target systems do not have that > service running.Might I suggest looking into rsync? It has excellent support for ssh (and in modern versions even defaults to using it for transport) and in general I've found it more amenable to scripting and sensible defaults than rdist. I and colleagues had excellent luck at a past employer of mine porting rdist-based applications to rsync for additional functionality, and currently I use it for certain semi-automated processes as root (with proper options in sshd_config, password-protected keys for root, and ssh-agent, of course). MHO, YMMV, etc, but from my experience rsync has largely supplanted rdist for good reason. Also, I don't want to devolve into advocacy, but if anyone is curious I might be able to get more details on their respective benefits and the issues that were encountered in enterprise-level migration. -- Tim Howe Software Engineer Celebrity Resorts -- Tim Howe Software Engineer Celebrity Resorts 4700 Millenia Blvd., 6th Floor Orlando, FL 32839 407-996-3025 (direct) 407-996-3029 (fax) tim.howe@celebrityresorts.com Confidentiality Note: This e-mail sent by Tim Howe / tim.howe@celebrityresorts.com, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named on the e-mail. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Virus Note: This e-mail and any attachment(s) are believed to be free from virus. However, it is the responsibility of the recipient to ensure that they are virus free. We do not accept any liability for any loss or damage arising in any way from the receipt, opening or use of this e-mail and any attachment(s). Thank you.