
I do not have a root password for many of the servers I interact with, so I cannot SSH in directly as the root user. Also, the ssh daemons are wisely configured with ‘PermitRootLogin’ set to ‘no’, so a password would be moot anyway. I do have sudo permissions on the servers, so I can connect under my username and sudo the privileged commands as needed. Glazed-eye screen-staring started when I needed to rsync a remote directory that was readable only by root. How do I get rsync to run under sudo on the remote server? I did some searching and here are some options I found.

Option 1. Set NOPASSWD in the /etc/sudoers file.

crashingdaily ALL= NOPASSWD:/usr/bin/rsync

Then use the --rsync-path option to specify the sudo wrapper.

rsync -a -e "ssh" --rsync-path="sudo rsync" /archive

Option 2. For interactive usage, I can pre-activate sudo and then run rsync as in Option 1.

stty -echo; ssh sudo -v; stty echo

rsync -a -e "ssh" --rsync-path="sudo rsync" /archive

The “stty -echo” and “stty echo” commands temporarily disable the display of keyboard input, so the sudo password is not shown on screen as it is typed.

Credits: Wayne Davison and Julian Cowley

Option 3. If sudo is not available, there is possibly an option to use “su”. I was unable to get this to work. su seems to insist on a tty – I get the error ‘standard in must be a tty’. (In this case I do have a root password to use with su, so that’s not an issue).

Create a wrapper script, /usr/local/bin/su-rsync, on the remote server and make it executable.

su - -c "rsync $*"

Then call that script with the --rsync-path option.

rsync -a -e "ssh" --rsync-path=/usr/local/bin/su-rsync /archive

Credit: Wayne Davison

Option 4. Set ‘PermitRootLogin’ to ‘yes’ on the remote server and use SSH key authentication to login directly as the root user. This isn’t really an option for me but I throw it out there for sake of completeness.
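
Option 1 as written lets the account run rsync as root with any arguments, which amounts to passwordless read and write access to every file on the server. The following added example (not from the original post) narrows that to read-only pulls from /archive by pointing sudoers at a wrapper instead; the wrapper path /usr/local/bin/rsync-archive-ro and the function name are assumptions, and the argument layout it checks is what an rsync client sends to the remote side for a plain -a pull.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/bin/rsync-archive-ro (name is an assumption).
# sudoers then allows only the wrapper, not rsync itself:
#   crashingdaily ALL= NOPASSWD:/usr/local/bin/rsync-archive-ro
# and the client passes --rsync-path="sudo /usr/local/bin/rsync-archive-ro".

ALLOWED_ROOT=/archive   # directory used in the post's examples

# Return 0 only for a read-only server invocation confined to ALLOWED_ROOT.
# The client starts the remote side as:
#   rsync --server --sender -<flag bundle> . <path>...
rsync_args_ok() {
    [ "$1" = "--server" ] || return 1
    [ "$2" = "--sender" ] || return 1   # without --sender the client wants to write
    shift 2
    seen_dot=0
    npaths=0
    for arg in "$@"; do
        if [ "$seen_dot" -eq 0 ]; then
            case "$arg" in
                .)   seen_dot=1 ;;       # "." separates options from paths
                -)   return 1 ;;
                --*) return 1 ;;         # refuse every additional long option
                -*)  case "$arg" in -*[!A-Za-z.]*) return 1 ;; esac ;;
                *)   return 1 ;;
            esac
        else
            case "$arg" in
                *..*) return 1 ;;        # crude: any ".." is rejected outright
                "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) npaths=$((npaths + 1)) ;;
                *)    return 1 ;;
            esac
        fi
    done
    [ "$npaths" -gt 0 ]                  # at least one path must be requested
}

# In the installed wrapper the final line would be (kept as a comment here):
#   rsync_args_ok "$@" && exec /usr/bin/rsync "$@"; exit 1
```

Because every extra long option is refused, transfers that need one (for example --numeric-ids) fail until the check is extended deliberately.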



Re: how to use option for rsync

rsync using sudo via remote shell

If you don’t know where you are going, any road will take you there.
– Lewis Carroll

My production servers reside behind a perimeter firewall in a data center. A minimal set of ports are open to the world, notably port 22 for sshd and port 80 for the Apache webservers which proxy requests to one of several Tomcat instances. The Tomcat ports are blocked at the data center’s perimeter firewall which means no direct access to Tomcat’s manager interfaces. But that’s OK, there are several options for reaching the Tomcat manager from outside the data center. I’ll glance over three options and then delve into a fourth option that is the gooey center of this posting.


I have a shell script to manage and report on my Tomcat instances. I wanted the ‘status’ portion of the script to report on instance uptime (which, by the way, has improved significantly since switching to JRockit). The script was already reporting the PID of the parent tomcat process so I shoved in this one-liner that takes that PID and gets the elapsed time from ps. I filter the result through grep and sed to get a clean human-readable output.

uptime=`ps -o etime $PID | grep -v ELAPSED | sed 's/\s*//g' | sed "s/\(.*\)-\(.*\):\(.*\):\(.*\)/\1d \2h/; s/\(.*\):\(.*\):\(.*\)/\1h \2m/; s/\(.*\):\(.*\)/\1m \2s/"`

echo $uptime

The output is formatted as one of days and hours, hours and minutes, or minutes and seconds.

6d 08h
03h 23m
20m 56s

Anyone got a better or different way?

ls -d /usr/local/tomcat_instances/{InstanceA,InstanceB,InstanceC,InstanceD}/conf/Catalina/localhost | xargs -I{} cp /usr/local/tomcat_instances/Instance_Template/conf/Catalina/localhost/ROOT.xml {}

rsync -a -e "ssh ssh" :/logs /sync/logs

That is all.

sshfs is wickedly handy for mounting remote directories on your local filesystem. Recently I needed to mount the /logs directory off a remote server so a program on my workstation could process log files in /logs.

The textbook command to do that would be:

[me@workstation]$ sshfs /mnt/svrlogs

The tricky part in this particular case is that the server is on a private network, so my workstation cannot access it directly. I’m required to first ssh to a gateway machine and then ssh to the server.

----------------               -------------         -------------
|workstation   |               |           |         |  server   |
|              | --------------|  gateway  | ------- |           |
|/mnt/svrlogs  |               |           |         |   /logs   |
----------------               -------------         -------------

I found three ways to work with this scenario. I’d love to hear of more ways and get feedback on these.


