| author | Alexander Hall <halex@cvs.openbsd.org> | 2015-09-20 10:05:49 +0000 |
|---|---|---|
| committer | Alexander Hall <halex@cvs.openbsd.org> | 2015-09-20 10:05:49 +0000 |
| commit | 278deaf45bc6d79b8b18d0f33b0c7a4655372775 (patch) | |
| tree | 4bfe9612ced8a94d820a7a625ec0a70bf3dc6188 /usr.sbin/rmt/rmt.8 | |
| parent | e1501c563bde3fcc6a83f3df00c78a63c8a20b46 (diff) | |

Add a set of flags to rmt(8) to make it run in a restricted mode,
designed to work with rdump(8) to remote disk.

-d <directory> confines rmt to operate within a single directory.
-r enforces read-only mode.
-w enforces write-only mode.

This is quite usable with public ssh key setup, e.g. having the following in .ssh/authorized/keys:

    command="/etc/rmt -rd /backups/machine.example.conf",no-agent-forwarding,... ssh-rsa AAAAB3...

ok semarie@

Diffstat (limited to 'usr.sbin/rmt/rmt.8')
-rw-r--r-- | usr.sbin/rmt/rmt.8 | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/usr.sbin/rmt/rmt.8 b/usr.sbin/rmt/rmt.8 index a48d3d5e3dc..daf626135e2 100644 --- a/usr.sbin/rmt/rmt.8 +++ b/usr.sbin/rmt/rmt.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rmt.8,v 1.12 2011/07/23 15:40:13 schwarze Exp $ +.\" $OpenBSD: rmt.8,v 1.13 2015/09/20 10:05:48 halex Exp $ .\" .\" Copyright (c) 1983, 1991 The Regents of the University of California. .\" All rights reserved. @@ -29,19 +29,22 @@ .\" .\" from: @(#)rmt.8 6.5 (Berkeley) 3/16/91 .\" -.Dd $Mdocdate: July 23 2011 $ +.Dd $Mdocdate: September 20 2015 $ .Dt RMT 8 .Os .Sh NAME .Nm rmt .Nd remote magtape protocol module .Sh SYNOPSIS -.Nm rmt +.Nm +.Op Fl r | w +.Op Fl d Ar directory .Sh DESCRIPTION .Nm is a program used by the remote dump and restore programs -in manipulating a magnetic tape drive through an interprocess -communication connection. +through an interprocess communication connection. +Traditionally it is used for manipulating a magnetic tape drive but it may +be used for regular file access as well. .Nm is normally started up with an .Xr rcmd 3 @@ -49,6 +52,23 @@ or .Xr rcmdsh 3 call. .Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl d Ar directory +Confine file access to +.Ar directory . +Forward slashes in filenames are disallowed and symlinks are not followed. +.It Fl r +Read-only mode, suitable for use with +.Xr rrestore 8 . +.It Fl w +File write mode, suitable for use with +.Xr rdump 8 +for dumping to regular files. +Creates missing files and refuses to open existing ones. +The file permission bits are set to readonly. +.El +.Pp The .Nm program accepts requests specific to the manipulation of |
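Review bot: In the @@ -29,19 +29,22 @@ hunk, the reworded opening of DESCRIPTION now reads "is a program used by the remote dump and restore programs through an interprocess communication connection", which no longer says what the programs use it for once "in manipulating a magnetic tape drive" is removed. Consider restoring a purpose clause in that sentence, and add a comma before "but" in the new "Traditionally it is used ... but it may be used for regular file access as well." The unchanged .Nd line still says "remote magtape protocol module" while the new text documents regular file access, so it is worth deciding whether the one-line description should follow.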
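Review bot: In the @@ -49,6 +52,23 @@ hunk, the -w entry says "File write mode" but never states that read access is refused, although the commit message describes the flag as enforcing write-only mode; the entry should say so explicitly, and the -r entry should likewise say that opening for writing is refused. The option list also does not state that -r and -w are mutually exclusive (only the SYNOPSIS line ".Op Fl r | w" implies it), nor what the client sees when a request violates -d, -r or -w, for example a filename containing a slash or an existing file under -w. Minor: "readonly" in "The file permission bits are set to readonly." should be "read-only" to match the wording of the -r entry.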