Provided by: remctl-server_1.12-2_i386

NAME

       remctld - Server for remctl, a remote command execution utility

SYNOPSIS

       remctld [-dhmv] [-f config] [-p port] [-s service]

DESCRIPTION

       remctld is the server for remctl.  It accepts a connection from remctl,
       receives the command to execute and the arguments, verifies
       authorization of the user and executes the command, returning the
       result back to the client.  All connections are authenticated using
       GSSAPI Kerberos V, and all transmissions are also encrypted using
       Kerberos.

       remctld is normally started using tcpserver or from inetd, but it may
       be run in stand-alone mode as a daemon using -m.  Either -s must be
       given to use an alternate identity (which will require the same flag be
       used for remctl client invocations), or it must be run as root to read
       the host keytab file.  remctld logs its activity using syslog (the
       daemon facility).

       The location of the configuration file may be specified with the -f
       option.  The default location is /etc/remctl/remctl.conf.  For
       information on the format of the configuration file, see "CONFIGURATION
       FILE" below.

OPTIONS

       -d  Verbose debug logging to syslog.

       -f config
           The configuration file for remctld, overriding the default path.

       -h  Show a brief usage message and then exit.

       -m  Enable stand-alone mode.  remctld will listen to its configured
           port, 4444 by default, and handle incoming connections one at a
           time.  This is mostly useful for debugging purposes.

       -p port
           When running in stand-alone mode, listen on port port rather than
           4444, the default.  This option does nothing unless used with -m.

       -s service
           This option is used to specify the Kerberos service principal for
           remctld to run as; the default is the server host principal:
           "host/<machinename>.stanford.edu"

       -v  Print the version of remctld and exit.

CONFIGURATION FILE

       The configuration file defines the allowed commands and specifies
       access control information.  The configuration file format is lines of
       space- or tab-separated strings, where each line is:

           type service executable [logmask=n[,...]] {aclfile}+

       Blank lines and lines beginning with "#" are ignored.  Lines can be
       continued on the next line by ending them with a backslash ("\").  Be
       aware that comments can be continued with a backslash as well.

       As a special case, a line like:

           include file

       will include file as if its contents were pasted verbatim into the
       configuration file at that point.  file may be a directory, in which
       case all files whose names do not contain a period found in that
       directory will be included (in no particular order).  file should be a
       fully qualified path.

       The meaning of these fields is:

       type
           The type of the command being requested, such as "afs" for the afs
           volume backend.  This is used to group commands together into a
           class and allows all commands in the same class to be passed to the
           same backend program.

       service
           The service within the type being requested, such as "release" for
           the afs volume backend.  The keyword ALL may be used instead of the
           service to specify an executable and aclfiles for the entire type
           in one line.  The service is always passed as the first argument to
           the executable program that is listed for that service.

       executable
           The full path to the command executable to run for this type-
           service combination.  (See examples below.)

       logmask=n[,...]
           Limit logging of command arguments.  Any argument listed in the
           logmask list will have its value logged as "**MASKED**".  This is
           to avoid logging the arguments of commands that take privileged
           information.

           For example, if the command is "admin passwd {username} {passwd}",
           then you’d want to set logmask to 3, so the password argument gets
           logged as "**MASKED**".

       aclfile
           The full paths of one or more access control files, each containing
           one Kerberos v5 principal per line, such as
           "username@stanford.edu".  Blank lines and lines beginning with "#"
           are ignored in the ACL files.  As a special case, a line like:

               include file

           in an ACL file includes other ACL files and is handled identically
           to the include directive in configuration files.

           The keyword ANYUSER may be used instead of the aclfiles to allow
           access to all users.  Note the user still needs to authenticate to
           remctld, this only affects authorization.  This can be used for
           backend programs that want to check ACLs themselves and will
           retrieve the authenticated principal from the REMUSER environment
           variable.

EXAMPLES

       Typically remctld is to be started as follows, where "hostname" is the
       machine where remctld will run, and 4444 is the port:

           tcpserver hostname 4444 remctld

       The equivalent line for /etc/inetd.conf is:

           4444 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/remctld

       Example configuration file:

        # Comments can be used like this.
        accounts create /usr/local/bin/doaccount  /etc/acl/group1 /etc/acl/group2
        accounts delete /usr/local/bin/doaccount  /etc/acl/group3
        accounts view   /usr/local/bin/doaccount  ANYUSER
        accounts passwd /usr/local/bin/dopasswd   logmask=3 /etc/acl/group1
        printing ALL    /usr/local/bin/printthing /etc/acl/group2

       The commands "accounts create", "accounts delete", and so forth will
       all be passed to /usr/local/bin/doaccount with the first argument being
       the specific subcommand, with the exception of "accounts passwd".  That
       command will be passed to /usr/local/bin/dopasswd instead, but it will
       still get "passwd" as its first argument.  The third argument to
       "accounts passwd" (presumably the password) will not be logged to
       syslog.  All commands starting with "printing" will be passed to
       /usr/local/bin/printthing.
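       The following Python script is an added example, not part of remctl
       or this manual page.  It walks through the configuration file rules
       above (continuation lines, comments, include, the ALL keyword,
       ANYUSER, logmask and the REMUSER environment variable) against the
       example configuration, so the authorization and logging decisions
       can be checked before a backend is ever exposed.  The ACL file
       contents, the helper names and the exact log line format are
       constructed for the example.  It assumes that logmask indices count
       from 0 with the command type at index 0 (which matches the
       "logmask=3" example above) and that the first matching
       configuration line wins, with ALL matching any service; directory
       includes are not modelled.

```python
"""Parse a remctld-style configuration and simulate its authorization and
log-masking decisions.  Added example, not remctl's own code.  The sample
config is the man page's (one line is continued with a backslash); the ACL
contents and log line format are constructed.  Assumed: logmask indices
count from 0 with the command type at index 0, and the first matching
config line wins, with ALL matching any service."""

SAMPLE_CONFIG = """\
# Comments can be used like this.
accounts create /usr/local/bin/doaccount  /etc/acl/group1 /etc/acl/group2
accounts delete /usr/local/bin/doaccount  /etc/acl/group3
accounts view   /usr/local/bin/doaccount  ANYUSER
accounts passwd /usr/local/bin/dopasswd   logmask=3 \\
                                          /etc/acl/group1
printing ALL    /usr/local/bin/printthing /etc/acl/group2
"""

# Constructed stand-in for the filesystem: ACL path -> file contents.
FILES = {
    "/etc/acl/group1": "alice@stanford.edu\n# admins as well\ninclude /etc/acl/admins\n",
    "/etc/acl/group2": "bob@stanford.edu\n",
    "/etc/acl/group3": "# nobody yet\n",
    "/etc/acl/admins": "carol@stanford.edu\n",
}


def logical_lines(text):
    """Join backslash-continued lines and drop blank and comment lines.
    A comment ending in a backslash swallows the next line, as the page warns."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        stripped, buf = buf.strip(), ""
        if stripped and not stripped.startswith("#"):
            out.append(stripped)
    if buf.strip() and not buf.strip().startswith("#"):  # file ended in a backslash
        out.append(buf.strip())
    return out


def parse_config(text, files):
    """Return the rule list; an "include file" line pulls in another file."""
    rules = []
    for line in logical_lines(text):
        fields = line.split()
        if fields[0] == "include" and len(fields) == 2:
            rules.extend(parse_config(files[fields[1]], files))
            continue
        if len(fields) < 4:
            raise ValueError("malformed rule: %r" % line)
        ctype, service, executable, rest = fields[0], fields[1], fields[2], fields[3:]
        logmask = set()
        if rest[0].startswith("logmask="):
            logmask = {int(n) for n in rest[0][len("logmask="):].split(",")}
            rest = rest[1:]
        if not rest:
            raise ValueError("rule without an ACL: %r" % line)
        rules.append({"type": ctype, "service": service, "executable": executable,
                      "logmask": logmask, "acls": rest})
    return rules


def load_acl(path, files, seen=None):
    """Principals named in an ACL file, following include lines (loop-safe)."""
    seen = set() if seen is None else seen
    if path in seen:
        return set()
    seen.add(path)
    principals = set()
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0] == "include" and len(fields) == 2:
            principals |= load_acl(fields[1], files, seen)
        else:
            principals.add(line)
    return principals


def find_rule(rules, ctype, service):
    """First matching line wins; a service of ALL matches any service."""
    for r in rules:
        if r["type"] == ctype and r["service"] in (service, "ALL"):
            return r
    return None


def authorize(rule, principal, files):
    """ANYUSER skips the ACL check; the caller is still authenticated."""
    if rule["acls"] == ["ANYUSER"]:
        return True
    return any(principal in load_acl(acl, files) for acl in rule["acls"])


def dispatch(rules, command, principal, files):
    """Simulate one authenticated request: returns (decision, backend argv,
    backend env, log text).  The backend receives the service as its first
    argument and the caller's principal in REMUSER."""
    ctype, service, args = command[0], command[1], command[2:]
    rule = find_rule(rules, ctype, service)
    if rule is None:
        return "unknown", None, None, "%s: unknown command %s" % (principal, " ".join(command))
    # Arguments listed in logmask never reach syslog in clear.
    shown = ["**MASKED**" if i in rule["logmask"] else a for i, a in enumerate(command)]
    log = "%s: %s" % (principal, " ".join(shown))
    if not authorize(rule, principal, files):
        return "denied", None, None, "denied " + log
    return "allowed", [rule["executable"], service] + list(args), {"REMUSER": principal}, log


if __name__ == "__main__":
    rules = parse_config(SAMPLE_CONFIG, FILES)
    for who, cmd in [("alice@stanford.edu", ["accounts", "passwd", "bob", "hunter2"]),
                     ("bob@stanford.edu", ["accounts", "delete", "dave"]),
                     ("bob@stanford.edu", ["printing", "enable", "lp1"])]:
        print(dispatch(rules, cmd, who, FILES))
```

       Running it shows the password argument of "accounts passwd" logged
       as **MASKED** while the backend still receives it, "accounts delete"
       refused because /etc/acl/group3 names nobody, and "printing enable"
       routed to /usr/local/bin/printthing through the ALL line.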

SEE ALSO

       remctl(1), syslog(3), tcpserver(1)

       The current version of this program is available from its web page at
       <http://www.eyrie.org/~eagle/software/remctl/>.

AUTHOR

       Anton Ushakov <antonu@stanford.edu> is the original author.  Updates
       and current maintenance are done by Russ Allbery <rra@stanford.edu>.

COPYRIGHT AND LICENSE

       Copyright 2002, 2003, 2004, 2005, 2006 Board of Trustees, Leland
       Stanford Jr. University.  All rights reserved.

       Permission to use, copy, modify, and distribute this software and its
       documentation for any purpose and without fee is hereby granted,
       provided that the above copyright notice appear in all copies and that
       both that copyright notice and this permission notice appear in
       supporting documentation, and that the name of Stanford University not
       be used in advertising or publicity pertaining to distribution of the
       software without specific, written prior permission.  Stanford
       University makes no representations about the suitability of this
       software for any purpose.  It is provided "as is" without express or
       implied warranty.

       THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
       WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
       MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.