How can you run SFTP through pbrun?

I have a server (*nix) where access privileges are limited to specific folders for administrator accounts only. To access some of these folders, we use the pbrun command to tell some "daemon" to access them (I think?).

I need to copy an entire folder from a secured directory (one of the directories I pbrun into) to my Windows computer (not onto the server, just a regular PC).

I think I will need to use SFTP to SSH into the server and grab the files, but since my own account does not have access to the files, I cannot use SFTP with my credentials. In addition, I do not have the password for the account I am pbrunning to, so I cannot just SFTP directly as that account. And pbrun is not an FTP command, so I cannot just add it to FTP ...

Basically, my question is how I can get this directory onto my computer with all the pbrun obstacles standing in the way.

+4
3 answers

Pbrun mode provides elevated access privileges, usually identified by a group identifier together with a user identifier, which is usually the application identifier. Once you have these privileges, a lot can be done.

Based on your last statement of the problem, I think you can just make a plain copy in a temporary location on the same server and change the ownership/permissions [chown/chmod] so that your regular identifier can use the files/directories.

Once you are done, delete the files or revert the permissions, whichever you prefer.

On the other hand, if you want to learn about sftp and ftp, the information is below:

sftp requires that you install ssh keys before you can do ftp. Therefore, I think there are two ways to solve the problem:

1) Use regular ftp, where you can specify the username when connecting to the target server. This will be the easiest solution that should work. Cons: the files are transferred without encryption.

2) You can configure ssh keys on a Windows server and allow the application identifier to log in.

Another thing you need to worry about is the ftp service on the Windows machine itself, whether there is one or not.

+2

Basically you are trying to do the following:

tar cf - file1 file2 | /bin/tar -xf - -C /some/path/directory

You just want the extraction to be performed on the remote system and the content encrypted over the network channel. PowerBroker can be used as a transport channel for moving data. By default, all PowerBroker network traffic is encrypted. You will also need a policy that allows the command. Try the following:

tar cf - file1 file2 | pbrun -h <target_host> -u <target_user> pbcp

You will need a policy:

if ( user in {"cire", "wax"} && command=="pbcp" &&
     requestuser in {"oracle", "root", "other", "allowed", "users" }) {
    runcommand = "/bin/tar";
    runargv = { "/bin/tar", "-xf", "-", "-C", "/some/path/directory" };
    SetRunEnv(requestuser);
    accept;
}

+1

One of my employees showed me a neat trick to get around the pbrun / sftp problem. I can simply create a temporary directory that both I and the daemon have access to, and then copy the files that I want to transfer to the temp directory. Then I can use my usual credentials to SFTP the files to my PC. It's a hack (you end up needing 2 copies of the files for this), but it works.

0
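
The staging workaround from the answers above, written defensively as an added example (not code from any of the posters): the copy lands in a private `mktemp` directory, group and world permission bits are stripped, and a SHA-256 manifest lets you check the files after the SFTP transfer. The function names, the `stage.XXXXXX` naming and the sample data are assumptions; on the real server `stage_copy` would run under the elevated account, and the staging directory would then be handed to your own ID with chown.

```shell
#!/bin/sh
# Added example. Assumption: on the real server stage_copy runs under the
# elevated account (for instance via pbrun); here it runs as the current user.

# stage_copy SRC PARENT: copy SRC into a new private directory under PARENT,
# write a SHA-256 manifest there, and print the staging path.
stage_copy() (
    src=$1; parent=$2
    [ -d "$src" ] || exit 1
    umask 077       # subshell body: the umask change does not leak to the caller
    stage=$(mktemp -d "$parent/stage.XXXXXX") || exit 1
    # Same tar pipe as in the answer above, kept on one host.
    if ! (cd "$src" && tar cf - .) | tar xf - -C "$stage"; then
        rm -rf -- "$stage"; exit 1
    fi
    # When run as root, tar restores the archived modes, so strip them again.
    chmod -R go-rwx "$stage"
    (cd "$stage" && find . -type f ! -name MANIFEST.sha256 \
        -exec sha256sum {} + | sort -k 2 > MANIFEST.sha256)
    printf '%s\n' "$stage"
)

# verify_stage DIR: succeed only if every file still matches the manifest.
verify_stage() (
    cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1
)

# cleanup_stage DIR: remove a staging directory, refusing any other path.
cleanup_stage() {
    case ${1##*/} in
        stage.??????) rm -rf -- "$1" ;;
        *) echo "refusing to remove $1" >&2; return 1 ;;
    esac
}

# Constructed sample data: a protected tree holding one world-readable file.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/secure/conf" "$work/pickup"
    printf 'db_password=constructed-example\n' > "$work/secure/conf/app.cfg"
    chmod 644 "$work/secure/conf/app.cfg"
    staged=$(stage_copy "$work/secure" "$work/pickup") || return 1
    ls -lR "$staged"          # what your own ID would fetch over SFTP
    verify_stage "$staged" && cleanup_stage "$staged"
    rm -rf -- "$work"
}
demo
```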

Source: https://habr.com/ru/post/1502471/

