Summary: permission denied on remote backup

From: Martin Meadows (PZXKYS@atdva3.atd.gmeds.com)
Date: Thu Nov 19 1998 - 09:24:35 CST


Here's a summary of the responses to

> I'm trying to dump filesystems from one machine XXX to another
> machine's (YYY) tape drive. Each time I attempt the dump, I get
> "permission denied". This was working for me until I recently
> rebuilt the remote machine (YYY) and upgraded XXX. I've checked
> YYY's /.rhosts file and tried various forms of the XXX machine name.
> I've tried XXX fully qualified & as an alias.
>
> The command I'm using from XXX is
> /usr/etc/dump )cdstfu 54000 6000 126 YYY:/dev/rmt/0n /
>
> This was definitely working fine until I rebuilt machine YYY and
> upgraded XXX.
>
> I can telnet from XXX to YYY with no problem.
> Machine XXX has an old OS on it (4.1.3_u1 vB). Machine YYY has
> Solaris 2.5. The tape drive, for what it's worth, is an exabyte 8200.
>
> Martin Meadows
> Indianapolis, IN

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Special thanks to the following people for responding to my post:
David, Todd, Olivier, Judy, Mark, Bill , Dave, Chris, Frank,
Ronald , Dennis, Bob and Jonathan!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Many said something similar to the following :

... make sure of the following:

        1. Entries in .rhosts files for users
        2. Entries in /etc/hosts.equiv
        3. Host entries listed in /etc/hosts file if using DNS/files.

Here are some specific responses:

"/etc/hosts.equiv is not used for the root login, but it is
 for all other accounts."

"The documentation for ufsdump makes it sound like the .rhosts file is
 all you need, but I have found this not to be the case."

"On some versions of the OS there is a bug which requires that *both*
 machines have the other machine listed in the .rhosts file. Also, make
 sure the permissions on the .rhosts file are correct. It is supposed
 to be either 600 or 400 mode. Some versions of the OS enforce this
 requirement and some don't. A good way to determine what name needs to
 be put into the .rhosts file is to telnet from XXX to YYY and then use
 the "who" command to see what machine the system thinks you came from."

"Are each machine names in the others .rhost file? Both machines? You
 mention only that XXX is in YYY but what about the other way around.
 Also how does rdist respond? Can you send something both ways? Also
 what about rsh and rlogins? Can you go both ways? Sometimes when we
 hit problems like this it turns out to be something in the remote
 machine's .cshrc or .login."

"... the command will require that both servers
 have access to eath other (that is, a sends an rsh to b, and b
 sends data to a), you might also want to confirm that /etc/hosts.equiv
 and .rhosts are set on both machines to allow them access to each
 other..."

"Can you do a simple: rsh YYY date
 from XXX? Does your new Solaris box have multiple IP addresses? It
 will choose randomly from them when it answers. This means that .rhosts
 files have to list all the names of the machine."

Several people wanted to know if I could use rlogin or rsh. I found that
the best/quickest way to check my problem was with the rsh date command
mentioned above.

A couple people pointed out that the fact that I could use telnet didn't
prove anything, since it didn't test the "trusted" aspect of the operation
via .rhosts & hosts.equiv.

"I have run into two different reasons for this problem after upgrading.
 1. The group in /dev must be operator for backups. (upgrading sometimes
 changes it for some reason.)
 2. The wrappers in /etc/banners needs to be opened up where to allow
 remote access during tape dumps."

"On machine YYY, make sure that there is a symlinke in /etc pointing to
 /usr/sbin/rmt. That's where the older machines look for it."

"Have you tried /usr/etc/dump 0cdstfu 54000 6000 126 YYY:/dev/rmt/0n /dev/rsd0a
 using the device name which is mounted on the root partition? That worked in
 SunOS_4.0.3, and that is how ufsdump works in Solaris 2.5."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And here's what fixed the problem:

Despite the fact that I thought I had put XXX in /.rhosts correctly, I
started over, used the suggestion to telnet to each system, examine the
"who" output to get the exact nodenames, going each way. I then confirmed
that YYY was already in my XXX /.rhosts file. Next I put XXX in /.rhosts
(on YYY) exactly as I had seen it from the "who" output. Finally, I set
the privs to 600 on /.rhosts on both systems ... and it worked!

Thanks again for all the SUPER support!!



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:53 CDT