Operating System - HP-UX
1833875 Members
1724 Online
110063 Solutions
New Discussion

'r' commands necessarily required by MC

 
SOLVED
Go to solution
Crystal_1
Frequent Advisor

'r' commands necessarily required by MC

Hi,

Can anyone tell me what 'r' commands, such rlogin, rexec, remsh, etc. does MC/Service Guard required?

"required" means that service guard cann't function without these commands.

Tx, Crystal
7 REPLIES 7
PIYUSH D. PATEL
Honored Contributor
Solution

Re: 'r' commands necessarily required by MC

Hi,

The r commands like rcp are required to transfer the configuration files from one server to other. You may not be using certain commands but MCSG uses the /etc/cmlcuster/cmnodelist file instead of /.rhosts file for resolving the hostnames.

Piyush
PIYUSH D. PATEL
Honored Contributor

Re: 'r' commands necessarily required by MC

Hi,

rcp is needed to distribute the cluster config files. Without remsh capability, you must manually update the cluster files every time there is a change to the cluster(s). Eliminating the remsh command will greatly increase sysadmin overhead and will likely generate a number of cluster integrity problems from time to time (because someone forgot to redistribute the new versions).

.rhosts is not a security risk by itself...it is a risk based on the contents. Since clustered machines are virtually equal and can therefore trust each other. .rhosts must never be readable by anyone except the owner (permissions=600) and must contain the name(s) of the clustered machines plus the user name.

But MCSG works without using the r commands.

Piyush
Pete Randall
Outstanding Contributor

Re: 'r' commands necessarily required by MC

Piyush,

That's bad from, man. It's one thing to quote someone else's answer if you give them credit for it but to plagiarize the whole thing (from Bill Hassell, no less) is incredibly tacky.
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x128c107d277ad611abdb0090277a778c,00.html





Pete
Tim D Fulford
Honored Contributor

Re: 'r' commands necessarily required by MC

You can get away without any .rhosts if you use the "cmnodelist" which is similar to the .rhosts but is only for the ServicGuard. I think this is the question you are asking.

Tim
-
MANOJ SRIVASTAVA
Honored Contributor

Re: 'r' commands necessarily required by MC

Hi Crystal

rcp rexec rlogin should be the only commands , however these commands may use some rmeote fnctions , the problems is why do u have such a requirement , in my opinion if you are in a postion to have a options tthne you should use all the r commands available and control securitry at a different level , or make these command only availble to root then to users etc etc.


Manoj Srivastava
Stephen Doud
Honored Contributor

Re: 'r' commands necessarily required by MC

Hello Crystal,

The administrator may need r-cmds to copy files between nodes in the configuration stage of the cluster, but once configured, ServiceGuard does not require the r-cmds.
SG uses the "hacl" tcp/udp ports in /etc/services to communicate between nodes.

-s.
Victor_5
Trusted Contributor

Re: 'r' commands necessarily required by MC

Yes, after configured, I don't think you need r commands any more, the only exception I thought is rlogin, for your convenience, you can allow rlogin for your future checks among nodes.