LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   trying normal rcp (/usr/bin/rcp) Permission denied. (https://www.linuxquestions.org/questions/linux-server-73/trying-normal-rcp-usr-bin-rcp-permission-denied-639111/)

Martin Peter Clarke 05-01-2008 08:44 AM

trying normal rcp (/usr/bin/rcp) Permission denied.
 
If I run rcp as root to root it works.

If I run it as accounts oracle to oracle at one customer, it works.

At another, it doesn't:

...
trying normal rcp (/usr/bin/rcp)
Permission denied.

I really, really have tried EVERYTHING, apart from what works.

Including a high priority call with RedHat, a week old, with no response.

I've searched the web exhaustively for solutions and given up: you are the most recommended resource.

I HAVE to use rcp, I HAVE to use the oracle (and Oracle can't / won't help either) account AND an ad-hoc account.

I will pay out of my own pocket for a solution if it comes today!

Regards
Martin

beadyallen 05-01-2008 10:43 AM

Forgoing all the reasons to not use rcp/rsh etc, you probably need to supply some more information about what you've tried.
For instance, when you say permission denied, do you mean you can't execute rcp as a normal user, or that the authentication fails? If you just can't execute rcp, change the permissions. If the authentication fails, then it could be any number of reasons. Are accounts set up properly on all machines, together with .k5login/ hosts.equiv files etc. Does rsh work between machines?

Martin Peter Clarke 05-02-2008 03:51 AM

Thanks beadyallen

Authentication vs. permission: it says Permsission denied below.

k5login & hosts.equiv - I've never had to use these before, investigated at the time, discounted. See final comment.

As for rsh - I'm a mere DBA and have a lot of catching up to do - in other words I don't know how to test it yet.

Edit from my log at customer site follows.

WORKS AS ROOT! [and as oracle using sudo - NOT A DEVELOPMENTALLY / POLITICALLY ACCEPTABLE SOLUTION!]

[root@gbbirwmfo1 swmfol]# rcp -p 1_205702_611404834.dbf.Z gbbirwmfo2.efguk.efg.corp:/u01/app/oracle/temp
connect to address 10.1.1.61: Connection refused
Trying krb4 rcp...
connect to address 10.1.1.61: Connection refused
trying normal rcp (/usr/bin/rcp)

TARGET DIRECTORY:

[root@gbbirwmfo2 oracle_archs]# cd /u01/app/oracle/temp
[root@gbbirwmfo2 temp]# ls

1_205702_611404834.dbf.Z

As ORACLE

rcp -p 1_205720_611404834.dbf.Z gbbirwmfo2.efguk.efg.corp:/u01/app/oracle/temp
connect to address 10.1.1.61: Connection refused
Trying krb4 rcp...
connect to address 10.1.1.61: Connection refused
trying normal rcp (/usr/bin/rcp)
Permission denied

CHECKED rsh, rlogin and rexec set in /etc/securetty

ALL .rlogins in oracle & root accounts configured, internally & externally (permissions).

At another customer, where I did the entire build from the O/S up inclusive on both live & DR rcp works from the oracle account. I didn't have to use

On the customer above I just built the DR box.

What am I failing to compare between the live boxes on both customers? I'll report my comparison.

Thanks for your response so far regardless mate, any more is a bonus!

Regards
Martin

beadyallen 05-02-2008 07:10 AM

Alright, your problem is most likely a mapping of usernames. I'm guessing that on the remote machines, you've got a .rhosts file containing a list of valid ip addresses. This will probably work fine for the 'root' and 'oracle' accounts, since these will exist on both machines. However, it's likely that your local username isn't valid on the remote machines. To fix it, you can add a line to the .rhosts file. For instance, if you want user 'geoff' (which is valid on your local machine, with ip address 192.168.1.32) to be able to copy things as the 'oracle' user on a remote machine, add the following to the .rhosts in the remote oracle user's home directory:
Code:

192.168.1.32 geoff
However, as I hinted at before, DON'T USE RCP/RSH/RLOGIN. Please. Especially not across the internet. Change to using ssh/scp instead. It's much more secure.

jbilla 05-02-2008 07:37 AM

Martin,

Have you mounted /u01 with acl?
mount -l |grep "/u01"
Can you check (or paste output) for the permission for /u01/app/oracle/temp with getfacl if you have acl on it? It could have been the reason that acl might have set just only for one of your oracle user to deny writing there.

Just though of that if that can help you out...

casperpache 12-21-2010 10:42 AM

I know this is an old post but as i have just managed to resolve this problem for myself i thought id post my solution.

Beadyallens response was exactly what was the problem with my issue.

My scenario....
i have ServerA.doodle.com that contained a file called /transfers/TestA.
I also have ServerB.doodle.com where i wanted to copy the file to as user bob.
A user called bob needed to log onto ServerB and copy the TestA file from ServerA.


To get this to work....
On ServerA, I had to create a .rhosts file in the home directory for bob (/home/bob/.rhosts) and add the below line....

ServerB.doodle.com bob
This line allows bob on ServerB to access and copy files from ServerA

Then I logged onto ServerB as bob and ran the rcp command as below:-

rcp ServerA:/transfers/TestA /home/bob/


The main problem i had which had me going round in circles was that i never had the correct hostname of ServerA in the .rhosts file.
This needs to be input as your server resolves it.
i.e. I originally thought that because in my hosts file i had the nickname as ServerA it would figure it out, so i had...
ServerA bob

After amending this to the below it worked fine.
ServerA.doodle.com bob

Hope this helps someone.


All times are GMT -5. The time now is 09:35 AM.