rdist,rcp are out..how about ftp?
2007-12-25 10:03:00
>Was wondering if anyone had some pointers on distributing config files
>(nsswitch.conf, auto_direct, etc.) across about 200 hosts.
>There are no .rhosts files on any accounts (security reasons). This rules
>out rdist and rcp which is what I have used in the past. I'm not sure if
>ftp could be used. In the past, I've used the .netrc file to automate
>transfers to a particular host, but not 200 of them. Just wondering what
>the general practice is.
>All machines are running Solaris 2.4 with NIS+.
I received many responses to this question. The easiest implementation was
suggested by :
*************************
You can use "ftp-scripts".
I know two ways to handle this:
1. using $HOME/.netrc File
--------------------------
ftp looks at start-time to your .netrc file to detect your
remote-user-name and remote-password
Example:
phoenix{af}1/3: cat .netrc
machine ftp_bk login anonymous password Andreas.Fenner@bk.sel.de
...
phoenix{af}1/4:
This means:
when ftp to ftp_bk
then login with user-name anonymous and password
With this file you can use scripts like:
phoenix{af}1/9: ftp ftp_bk << EOF
cd /pub/etc
get hosts /tmp/hosts
EOF
phoenix{af}1/10: ls -l /tmp/hosts
-rw-r--r-- 1 af 47230 Apr 10 07:04 /tmp/hosts
phoenix{af}1/11:
2. putting user-name & password in the ftp-script
-------------------------------------------------
Example:
phoenix{af}1/18: cat get_ibm_file
#! /bin/sh
/bin/rm -f TELS
#ftp -n -v -d ibm <<++EOF++
ftp -n -v ibm <<++EOF++
user <USER> <PASSWD>
hash
get 'TSO.R15R.TELEFON(TELS)' TELS
bye
++EOF++
chmod 444 TELS
phoenix{af}1/19:
In the first case you can hide the Usernames & password into the .netrc file,
in the second case you must put them into the script.
In both cases you must protect your files from unauthorised read/write access.
***************************************
I used something similiar to his 2nd suggestion. I did have to create two
seperate scripts. One to loop through each host, passing the host name as a
command line argument to the 2nd script. The second script looked like his
"here" script. For some reason I couldn't embed the here document inside
the (for,do,done) loop (for just 1 total script). Also since I was doing a
"put" instead of a "get", it was not possible to set the permission. Not a
big deal since this file should exist on all the machines anyway and file
permission doesn't changed during overwrites. Was curious how to do this
anyway. I think IRIX has a "umask" type command for ftp processes. Didn't
see one in the Solaris man pages.
There were many others that suggested using ssh, expect, NFS, Tivoli and
distribution by mail. Some of these solutions will require setting up some
sort of script or software on each client. This is what I was trying to
avoid. Since most responses suggested ssh, I am going to look into getting
this on my machine.
Thanks for all the help.
Dan Freedman
Comments
Got something to say?
You must be logged in to post a comment.
