The hosts.equiv entry is not an option because I only want them to be able to snapmirror a specific volume, which is hardcoded into the script. If I give the user rsh access then, if they're clever enough to look into the script, they could do pretty much whatever they wanted, no?
~JK
Steve Losen wrote:
Does rsh to a filer require that the real uid be root or just the euid? I am scripting a little snapmirror update for some developers and can't get it to work when it's suid. But if I put a c program in front that sets the uid it works. However, it only seems to work when the real uid is 0, not just euid.
Yes, I believe that rsh uses the real uid and not the euid. Remember that rsh specifies two users when it logs in to the filer 1) the user on the admin host and 2) the user on the filer.
Any user on the admin host can rsh to the filer if you set it up in the /etc/hosts.equiv file. For example, if you have this:
admin.host.com loginid
Then the filer allows real user "loginid" on "admin.host.com" to rsh into the filer. See the na_hosts.equiv man page.
Of course, if the real user is not root, then you need to specify the root user on the filer like this:
rsh toaster -l root command
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support