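#!/bin/sh
#
# One of the things that one can do with remctl is create commands that
# actually run on remote systems, or even emulate rsh with tighter ACLs
# and no remote accounts.
#
# For example, suppose you want to let users run a variety of commands
# on remote servers.  First, write a program that looks at its first
# argument to figure out what command to run and then passes along its other
# arguments appropriately.  Install that program on the systems where users
# should be able to start commands.  On each system, also install remctld
# with a configuration file containing something like:
#
#     start ANY /usr/local/sbin/start-backend /etc/remctl/acl/starters
#
# where /usr/local/sbin/start-backend is that implementation.  Put the
# Kerberos principals of the people who should be able to run the backend in
# /etc/remctl/acl/starters.
#
# Because the configuration above accepts ANY subcommand, the ACL file only
# decides who may reach the backend, not which action they may request.  The
# backend itself should therefore map its first argument onto a fixed list
# of permitted actions and hand the remaining arguments to the chosen
# program as separate arguments, never through a shell.
#
# Now, install the following script as "start".  Users can then type:
#
#     start <host> <action> <option> ...
#
# very similar to the syntax of rsh.  In fact, if you use "rsh" as the type
# in your remctld configuration, you can even install this script as rsh.
#
# This means that you can even tell software that only knows how to use
# rsh that the start script is your rsh program and let that software run
# remote commands with the tighter ACL checking of remctld and no need for
# an account on the remote system.
#
# This idea and sample script are from Romain LENGLET.

# At least a host and an action are required.  Diagnostics go to stderr so
# that a caller capturing stdout never mistakes them for command output.
if [ "$#" -lt 2 ]; then
    echo "Invalid number of parameters" >&2
    echo "Usage: ${0##*/} <host> <action> [<option> ...]" >&2
    exit 1
fi

# The remctl command type is the name this script was installed under.  $0
# usually carries the directory it was found in (/usr/local/bin/start), which
# would not match the "start" entry in the remctld configuration, so only the
# final path component is used.
TYPE="${0##*/}"
HOST="$1"
SERVICE="$2"
shift 2

# A host that is empty or starts with "-" would be read by remctl as a
# command-line option instead of a host name.  Refuse it here with a clear
# message; this matters most when other software invokes the script as rsh.
case "${HOST}" in
    '' | -*)
        echo "Invalid host name: ${HOST}" >&2
        exit 1
        ;;
esac

# "--" ends remctl's own option parsing, so an action or option that begins
# with "-" is sent to the server as data.  exec replaces this shell, so the
# caller sees remctl's exit status directly.
exec remctl -- "${HOST}" "${TYPE}" "${SERVICE}" "$@"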