cancel
Showing results for 
Search instead for 
Did you mean: 

Not allow rcp

Not allow rcp

I have four  server , I can use rcp to copy file between servers , any user , any direction works fine .

Now I just found that one of user have problem to allow rcp from other servers , but this user can rcp file to other server , even I set ( + + , IP userid , hostname userid etc ) to .rhosts but still not work , the error is as below , it is strange that only this user in this server can not allow rcp , others is OK . can advise what will be the possible reason of it ?

Thanks.

Trying krb4 rcp...
trying normal rcp (/usr/bin/rcp)
Permission denied.

2 REPLIES
Henry Fauni
Valued Contributor

Re: Not allow rcp

1. Check /var/adm/inetd.sec to see if there's a "deny" entry for that user

 

2. Another possibility might be that the user is using a different version of "rcp" because of his PATH variable on his profile. Compare the version of rcp he's using with the user that works. IN other words, he might be using /usr/local/bin/rcp, and the good user is using /usr/bin/rcp.

 

# which rcp

 

Compare the path

Jose Mosquera
Honored Contributor

Re: Not allow rcp

Hi,

 

As Henry say, first check for any rcp service denial rule (man inetd.sec).

 

As rcp and remsh uses same authentication rules I suggest you a easy way to check rcp's access availability by using remsh command. From your remote system uses this remsh command syntax:
#remsh <target_server> -l <target_server_user> -n "ls -l"
Important: if your command syntax include spaces inside you must use double quotes to define the start and the end of this command.

Before this command execution you must ensure that create a .rhost file into home directory of the user indicated as <target_server_user>, this .rhosts must include inside the remote-system-name (or IP) and remote-user-name that initiate the rcp/remsh request. Only as quick debug purpose you could use "+ +" inside the .rhost file, remember that "+ +" is a serious security hole!

Considerations:
1.- The <target_server_user> must exists and be active on your target server.
2.- The rcp/remsh request will landing on the home directory of <target_server_user>, for this reason must have enough privileges to execute the command included into double quotes on the -n option, in this case: ls -l.

Then, when you achive the correct remote execution of your remsh command you will ready to use rcp command.

Rgds.