jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-22 08:50:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d7da1acc31
openafs/doc/html/AdminReference/auarf228.htm

121 lines
6.9 KiB
HTML
Raw Normal View History

initial-html-documentation-20010606 pull in all documentation from IBM
2001-06-06 20:09:07 +01:00
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved -->
<BODY bgcolor="ffffff">
<!-- End Header Records ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf227.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf229.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<P>
<H2><A NAME="HDRRCP" HREF="auarf002.htm#ToC_242">rcp (AFS version)</A></H2>
<A NAME="IDX5422"></A>
<A NAME="IDX5423"></A>
<A NAME="IDX5424"></A>
<A NAME="IDX5425"></A>
<A NAME="IDX5426"></A>
<A NAME="IDX5427"></A>
<P><STRONG>Purpose</STRONG>
<P>Copies a file on a remote machine
<P><STRONG>Synopsis</STRONG>
<PRE><B>rcp</B> [<B>-p</B>] &lt;<VAR>file1</VAR>> &lt;<VAR>file2</VAR>>
<B>rcp</B> [<B>-r</B>] [<B>-p</B>] &lt;<VAR>file</VAR>><SUP>+</SUP> &lt;<VAR>directory</VAR>>
</PRE>
<P><STRONG>Description</STRONG>
<P>The AFS-modified <B>rcp</B> program functions like the standard UNIX
<B>rcp</B> program, but also passes the issuer's AFS token to the
remote machine's Cache Manager, to enable authenticated access to the AFS
filespace via that machine.
<P>Token passing is most effective if both the remote machine and local
machine belong to the same cell, because the <B>rcp</B> command can pass
only one token even if the user has several tokens--it passes the token
listed first in the output from the <B>tokens</B> command. If the
remote and local machine do not belong to the same cell, the possibilities are
as follows:
<UL>
<P><LI>The passed token is for the remote machine's cell. The issuer
accesses the remote cell's AFS file tree as an authenticated AFS user,
but is considered <B>anonymous</B> in the local cell and so can exercise
only the access rights granted to the <B>system:anyuser</B> group
there. For example, to copy a file into a local AFS directory from the
remote cell, the directory's ACL must grant the <B>l</B>
(<B>lookup</B>) and <B>i</B> (<B>insert</B>) permissions to the
<B>system:anyuser</B> group.
<P><LI>The passed token is for the local machine's cell. The issuer
accesses the remote cell's AFS file tree as <B>anonymous</B>, and so
can only exercise the access rights granted to the
<B>system:anyuser</B> group.
</UL>
<P>In addition to running the AFS version of the <B>rcp</B> binary on the
machine where the <B>rcp</B> command is issued, other configuration
changes are necessary for token passing to work properly. See the
<B>Cautions</B> section for a list.
<P>The AFS version of the <B>rcp</B> command is compatible with the
standard <B>inetd</B> command, but token passing works only if both
programs are modified to handle AFS tokens. If only one of them is
modified, the issuer accesses the AFS filespace through the remote machine as
the <B>anonymous</B> user.
<P><STRONG>Cautions</STRONG>
<P>The AFS distribution does not include an AFS-modified version of this
command for every system type, in some cases because the operating system
vendor has already modified the standard version in the required way.
For details, see the <I>IBM AFS Release Notes</I>.
<P>The AFS <B>rcp</B> command does not allow third party copies, in which
neither the source file nor the target file is stored on the machine where the
command is issued. The standard UNIX <B>rcp</B> command claims to
provide this functionality.
<P>For security's sake, use the AFS version of the <B>rcp</B> command
only in conjunction with PAGs, either by using an AFS-modified login utility,
issuing the <B>pagsh</B> command before obtaining tokens, or including the
<B>-setpag</B> flag to the <B>klog</B> command.
<P>Several configuration requirements and restrictions are necessary for token
passing to work correctly with an AFS-modified version of the <B>rcp</B>
command. Some of these are also necessary with the standard UNIX
version, but are included here because the issuer accustomed to AFS
protections is possibly unlikely to consider them. There are possibly
other UNIX-based requirements and restrictions not mentioned here;
consult the UNIX manual page. (One important one is that no
<TT>stty</TT> commands can appear in the issuer's shell initialization
file, such as the <B>.cshrc</B> file.)
<P>The requirements and restrictions for token passing include the
following.
<UL>
<P><LI>The local machine must be running the AFS version of the <B>rcp</B>
command, with the <B>rcp</B> binary file locally installed to grant setuid
privilege to the owner, the local superuser <B>root</B>.
<P><LI>The remote machine must be running the AFS version of the <B>inetd</B>
program.
<P><LI>If the <B>rcp</B> command is to consult a <B>.rhosts</B>
file on the remote machine, the file must have UNIX protections no more
liberal than <B>-rw-r--r--</B>. If the <B>.rhosts</B>
file resides in a user home directory in AFS, the home directory must also
grant the <B>lookup</B> (<B>l</B>) and <B>read</B> (<B>r</B>)
permissions to the <B>system:anyuser</B> group.
</UL>
<P><STRONG>Options</STRONG>
<P>Consult the UNIX manual page for the <B>rcp</B> command.
<P><STRONG>Privilege Required</STRONG>
<P>None
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>
<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
<P>UNIX manual page for <B>rcp</B>
<P><I>IBM AFS Release Notes</I>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf227.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf229.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<!-- Begin Footer Records ========================================== -->
<P><HR><B>
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
</B>
<!-- End Footer Records ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>
Reference in New Issue Copy Permalink