HPE Community
Operating System - HP-UX
1836484 Members
2493 Online
110101 Solutions
New Discussion

'r' commands necessarily required by MC

 
SOLVED
Go to solution
Crystal_1
Frequent Advisor

‎06-17-2002 04:57 AM

‎06-17-2002 04:57 AM

'r' commands necessarily required by MC

Hi,

Can anyone tell me what 'r' commands, such rlogin, rexec, remsh, etc. does MC/Service Guard required?

"required" means that service guard cann't function without these commands.

Tx, Crystal
0 Kudos
Reply
7 REPLIES 7
PIYUSH D. PATEL
Honored Contributor

‎06-17-2002 05:05 AM

‎06-17-2002 05:05 AM

Solution

Re: 'r' commands necessarily required by MC

Hi,

The r commands like rcp are required to transfer the configuration files from one server to other. You may not be using certain commands but MCSG uses the /etc/cmlcuster/cmnodelist file instead of /.rhosts file for resolving the hostnames.

Piyush
Reply
PIYUSH D. PATEL
Honored Contributor

‎06-17-2002 05:20 AM

‎06-17-2002 05:20 AM

Re: 'r' commands necessarily required by MC

Hi,

rcp is needed to distribute the cluster config files. Without remsh capability, you must manually update the cluster files every time there is a change to the cluster(s). Eliminating the remsh command will greatly increase sysadmin overhead and will likely generate a number of cluster integrity problems from time to time (because someone forgot to redistribute the new versions).

.rhosts is not a security risk by itself...it is a risk based on the contents. Since clustered machines are virtually equal and can therefore trust each other. .rhosts must never be readable by anyone except the owner (permissions=600) and must contain the name(s) of the clustered machines plus the user name.

But MCSG works without using the r commands.

Piyush
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎06-17-2002 05:27 AM

‎06-17-2002 05:27 AM

Re: 'r' commands necessarily required by MC

Piyush,

That's bad from, man. It's one thing to quote someone else's answer if you give them credit for it but to plagiarize the whole thing (from Bill Hassell, no less) is incredibly tacky.
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x128c107d277ad611abdb0090277a778c,00.html





Pete
0 Kudos
Reply
Tim D Fulford
Honored Contributor

‎06-17-2002 06:16 AM

‎06-17-2002 06:16 AM

Re: 'r' commands necessarily required by MC

You can get away without any .rhosts if you use the "cmnodelist" which is similar to the .rhosts but is only for the ServicGuard. I think this is the question you are asking.

Tim
-
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

‎06-17-2002 06:37 AM

‎06-17-2002 06:37 AM

Re: 'r' commands necessarily required by MC

Hi Crystal

rcp rexec rlogin should be the only commands , however these commands may use some rmeote fnctions , the problems is why do u have such a requirement , in my opinion if you are in a postion to have a options tthne you should use all the r commands available and control securitry at a different level , or make these command only availble to root then to users etc etc.


Manoj Srivastava
0 Kudos
Reply
Stephen Doud
Honored Contributor

‎06-18-2002 05:30 AM

‎06-18-2002 05:30 AM

Re: 'r' commands necessarily required by MC

Hello Crystal,

The administrator may need r-cmds to copy files between nodes in the configuration stage of the cluster, but once configured, ServiceGuard does not require the r-cmds.
SG uses the "hacl" tcp/udp ports in /etc/services to communicate between nodes.

-s.
Reply
Victor_5
Trusted Contributor

‎06-18-2002 05:40 AM

‎06-18-2002 05:40 AM

Re: 'r' commands necessarily required by MC

Yes, after configured, I don't think you need r commands any more, the only exception I thought is rlogin, for your convenience, you can allow rlogin for your future checks among nodes.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.