2 <html lang="en-us" itemscope itemtype="http://schema.org/Article">
5 <meta name="description" content=" Attempted to integrate Rexec into gpdb_add_project.pl and have it talk to Nice Looked into problem with Cygwin, Samba and ssh...">
6 <meta name="generator" content="Movable Type 5.2.3">
7 <title>gpdb_add_project.pl using gpdb user and Nice - Status</title>
8 <link rel="alternate" type="application/atom+xml" title="Recent Entries" href="http://defaria.com/blogs/Status/atom.xml">
9 <link rel="canonical" href="http://defaria.com/blogs/Status/2006/10/gpdb-add-projec.html">
10 <meta name="viewport" content="width=device-width,initial-scale=1">
11 <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles.css">
13 <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles_ie.css">
14 <script src="/mt/mt-static/support/theme_static/rainier/js/html5shiv.js"></script>
17 <link rel="start" href="http://defaria.com/blogs/Status/">
19 <link rel="prev" href="http://defaria.com/blogs/Status/2006/10/improved-gpdp-a.html" title="Improved gpdp_add_project">
20 <link rel="next" href="http://defaria.com/blogs/Status/2006/10/perldb-tips.html" title="PerlDB Tips">
21 <!-- Open Graph Protocol -->
22 <meta property="og:type" content="article">
23 <meta property="og:locale" content="en-us">
24 <meta property="og:title" content="gpdb_add_project.pl using gpdb user and Nice">
25 <meta property="og:url" content="http://defaria.com/blogs/Status/2006/10/gpdb-add-projec.html">
26 <meta property="og:description" content=" Attempted to integrate Rexec into gpdb_add_project.pl and have it talk to Nice Looked into problem with Cygwin, Samba and ssh...">
27 <meta property="og:site_name" content="Status">
28 <meta property="og:image" content="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
30 <meta itemprop="description" content=" Attempted to integrate Rexec into gpdb_add_project.pl and have it talk to Nice Looked into problem with Cygwin, Samba and ssh...">
31 <link itemprop="url" href="http://defaria.com/blogs/Status/2006/10/gpdb-add-projec.html">
32 <link itemprop="image" href="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
37 <div id="container-inner">
38 <header id="header" role="banner">
39 <div id="header-inner">
40 <div id="header-content">
42 <a href="http://defaria.com/blogs/Status/">
51 <nav role="navigation">
53 <li><a href="http://defaria.com/blogs/Status/">Home</a></li>
62 <div id="content-inner">
63 <ul class="breadcrumb breadcrumb-list">
64 <li class="breadcrumb-list-item"><a href="http://defaria.com/blogs/Status/">Home</a></li>
65 <li class="breadcrumb-list-item">gpdb_add_project.pl using gpdb user and Nice</li>
67 <div id="individual-main" class="main" role="main">
68 <article id="entry-1838" class="entry entry-asset asset hentry">
69 <div class="asset-header">
70 <h2 itemprop="name" class="asset-name entry-title">gpdb_add_project.pl using gpdb user and Nice</h2>
71 <footer class="asset-meta">
72 <ul class="asset-meta-list">
73 <li class="asset-meta-list-item">Posted on <time datetime="2006-10-13T17:31:59-08:00" itemprop="datePublished">October 13, 2006</time></li>
74 <li class="asset-meta-list-item">by <span class="author entry-author vcard"></span></li>
77 <li class="asset-meta-list-item">in <a itemprop="articleSection" rel="tag" href="http://defaria.com/blogs/Status/gpdb/">GPDB</a></li>
83 <div class="entry-content asset-content" itemprop="articleBody">
85 <li>Attempted to integrate Rexec into gpdb_add_project.pl and have it talk to Nice</li>
87 <li>Looked into problem with Cygwin, Samba and ssh</li>
89 <h3>Rexec, gpdb_add_project.pl and Nice</h3>
91 <p>I've been making some slow but steady progress with gpdb_add_project.pl. I've:</p>
94 <li>Implemented an Rexec Perl module that allows better access to remote sites. It does this by attempting ssh then rsh and finally telnet in an attempt to contact the remote site. It's object oriented and allows you to repeatedly execute remote commands without having to repeatedly login. Finally it can take a different username than the person running the script.</li>
96 <li>David then got me set up with a generic gpdb user for the Dallas and Nice sites.</li>
99 <p>In attempting to use the new generic gpdb user I encountered a few problems. The biggest difference isg pdb user is tcsh (and csh I think) oriented whereas the Rexec module assumes a Borne/Ksh/Bash orientation. This has caused a number of problems:</p>
102 <li>When logging onto the system the prompt is different (csh style shells use "%")</li>
104 <li>When logging onto the Nice site not only is the prompt different but it contains special characters. It uses embedded escape sequences that colorize the prompt. Rexec needs to find the prompt so it knows when it can send commands. Needless to say this si problematic forRexec. For now I set the prompt for gpdb@Nice to simply "% ", which works.</li>
106 <li>Some of the commands that gpdb_add_project.pl issues are decidedly Borne shell oriented. For example, it uses 2>&1 to combine stdout and stderr. This syntax is not valid under csh style shells. Additionally, Rexec would wrap commands in an "echo start; <cmd>; echo errono=$?" in order to obtain the return status of the remotely executed command. The $? variable is not available in csh style shells. So I added a shellstyle parameter to Rexec to handle these differences (though that doesn't fix #2).</li>
109 <p>One way around all of these problems is to require generic service
110 level accounts such as gpdb to run the default Borne shell (/bin/sh).</p>
112 <p>Next, and forgive me since my NIS is a bit rusty, but gpdb_add_project.pl would attempt to get certain NIS maps for remote sites that use NIS (it is also NIS+ aware/sensitive). In doing so it does an ls -1 /etc then looks for files such as auto_master. It then cat's auto_master and looks for lines that have "+auto" or "data" in them. It then uses that as a key file for ypcat as in ypcat -k auto_master.</p>
114 <p>Now @Nice (svrscity01.tif.ti.com) it finds:</p>
116 <div class=code><pre>
117 % cat /etc/auto_master
118 # Master map for automounter
122 /net -hosts -intr,rw,grpid
125 <p>So it then does ypcat -k auto_master which:</p>
127 <div class=code><pre>
128 % ypcat -k auto_master
129 no such map in server's domain
132 <p>The following does work though:</p>
134 <div class=code><pre>
135 % ypcat -k auto.master
136 /clearcase auto.clearcase
137 /home_drp auto.home_drp -intr,ro
138 /apps_drp auto.apps_drp -intr,ro
139 /db_drp auto.db_drp -intr,ro
140 /user auto.user -intr,rw,grpid
141 /tool auto.tool -intr,rw,grpid,noquota,noatime
142 /home auto.home -intr,rw,grpid
143 /apps auto.tool -intr,rw,grpid,noquota,noatime
146 /net -hosts -intr,rw,grpid,noquota
148 /u auto.tool -intr,rw,grpid,noquota
151 <p>It appears to be trying to find the auto_data map, of which there are none, and then will look for "sync_custom" in there. As such I don't see how this ever worked at Nice.</p>
153 <p>Thoughts? Pointers?</p>
155 <h3>Cygwin, Samba and ssh</h3>
157 <p>Here's the story. I use Cygwin on my XP desktop. I like having a home directory on Windows that is the same home directory on Unix/Linux machines. Often companies offer access to your Unix/Linux home directory via Samba. Also, often companies do not bother to set up a Samba server wish participates in a domain, so the Samba server is configured as being in a workgroup.</p>
159 <p>Now for a long time I struggled with this. I would map //<samba server>/<home share> -> my H drive then mount the H drive as /home and make sure my Cygwin /etc/password referred to my home directory of /home/$USER. All is great.</p>
161 <p>But when dealing with Samba servers who are configured into workgroups innocuous activities in Cygwin would elicit permission denied messages. For example, touching a file in the home directory and indeed even vi'ing a file, etc. Creating a file within Windows Explorer or using
162 other Windows oriented tools would work just fine. Files created on the Unix/Linux side would also work fine but when looked at from Cygwin on the PC would have odd (read "nobody") ownerships and permissions.</p>
164 <p>Of course as Cygwin is often not supported by the typical company's IT department and because many people do not attempt to utilize Cygwin fully often requests for assistance and change fell on deaf ears...</p>
166 <p>Eventually I figured out that my Windows SID in /etc/passwd is the SID of my domain user and since the Samba server was not in the domain my SID does not authenticate properly. Then I had a break through in that I realized that I was using SMBNTSEC as well as NTSEC in my Cygwin environment. I figured "Yeah I want to use the same Windows security for SMB mounted drives too". This is where my problem lies and it's because the Samba server configured by the client does not participate in the Windows domain from which I've logged in. </p>
168 <p>Now I'm pretty sure that Samba could be configured properly into a Windows domain as Samba can be configured as a PDC or a BDC, but many clients don't bother to go that far. So why is Windows able to deal with this but not Cygwin?</p>
170 <p>I believe that this is because within Samba a very basic approach is kept towards storing of user identification information. Indeed basic Samba just has an smbpasswd file which is much like your typical Unix/Linux /etc/passwd file and it is not designed to carry extra information about users and machine accounts as well as multiple groups and trust associations, etc. Even Samba documents talks about hooking Samba up to either LDAP or what they call a Trivial DataBase (TDB) in order to store such additional Windows only information.</p>
172 <p>So I thought the simple solution was to remove SMBNTSEC from my Cygwin environment and all would be fine. And indeed it is! Well almost...</p>
174 <p>Along comes ssh... So I like to use ssh to log into various Unix/Linux systems as I work. And again I share my home directory between Windows and Unix/Linux. Finally I like setting up passwordless public key ssh login as I'm not one of those who likes having to type in his password hundreds of times a day. But ssh's is picky about permissions of your ~/.ssh and ~/.ssh/id_<type> key files. When ssh'ing from Cygwin to a Unix/Linux box I am now receiving the following:</p>
176 <div class=code><pre>
177 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
178 @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
179 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
180 Permissions 0644 for '/home/x0062320/.ssh/id_rsa' are too open.
181 It is recommended that your private key files are NOT accessible by others.
182 This private key will be ignored.
183 bad permissions: ignore key: /home/x0062320/.ssh/id_rsa
184 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
185 @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
186 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
187 Permissions 0644 for '/home/x0062320/.ssh/id_dsa' are too open.
188 It is recommended that your private key files are NOT accessible by others.
189 This private key will be ignored.
190 bad permissions: ignore key: /home/x0062320/.ssh/id_dsa
191 x0062320@stashu's password:
194 <p>And, of course, I need to type in my password again! What I believe is happening is that because my home directory is SMB mounted and SMBNTSEC is off then Cygwin reports that files like ~/.ssh/id_rsa are 0644 even if I change them on Unix/Linux to 0600. So, for example:</p>
196 <div class=code><pre>
197 <unix box>$ ls -l ~/.ssh/id_rsa
198 -rw------- 1 x0062320 generic 887 Aug 31 16:43 /home/x0062320/.ssh/id_rsa
203 <div class=code><pre>
204 <cygwin>$ ls -l ~/.ssh/id_rsa
205 -rw-r--r-- 1 x0062320 Domain Users 887 Aug 31 16:43 /home/x0062320/.ssh/id_rsa
208 <p>Is there any way to work around this problem (short of reconfiguring the Samba server)?</p>
210 <nav class="page-navigation entry-navigation pagination content-nav">
211 <ul class="page-navigation-list">
213 <li class="page-navigation-list-item page-navigation-prev"><a rel="prev" href="http://defaria.com/blogs/Status/2006/10/improved-gpdp-a.html" title="Improved gpdp_add_project">Previous entry</a></li>
216 <li class="page-navigation-list-item page-navigation-next"><a rel="next" href="http://defaria.com/blogs/Status/2006/10/perldb-tips.html" title="PerlDB Tips">Next entry</a></li>
221 <aside id="zenback" class="zenback feedback">
222 Please paste Zenback script code here.
229 <aside class="widgets related" role="complementary">
230 <nav class="widget-search widget">
231 <div class="widget-content">
232 <form method="get" id="search" action="http://defaria.com/mt/mt-search.cgi">
234 <input type="text" name="search" value="" placeholder="Search...">
236 <input type="hidden" name="IncludeBlogs" value="8">
238 <input type="hidden" name="limit" value="20">
239 <button type="submit" name="button">
240 <img alt="Search" src="/mt/mt-static/support/theme_static/rainier/img/search-icon.png">
246 <nav class="widget-archive-category widget">
247 <h3 class="widget-header">Categories</h3>
248 <div class="widget-content">
251 <ul class="widget-list">
254 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/ameriquest/">Ameriquest (99)</a>
262 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/audience/">Audience (3)</a>
270 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/broadcom/">Broadcom (76)</a>
278 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/gpdb/">GPDB (35)</a>
286 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-dynamics/">General Dynamics (61)</a>
294 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-electric/">General Electric (13)</a>
302 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/hewlett-packard/">Hewlett Packard (13)</a>
310 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/lynuxworks/">LynuxWorks (162)</a>
318 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/pqa/">PQA (35)</a>
326 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/salira/">Salira (79)</a>
334 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/tellabs/">Tellabs (2)</a>
342 <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/texas-instruments/">Texas Instruments (31)</a>
354 <nav class="widget-archive-dropdown widget">
355 <h3 class="widget-header">Archives</h3>
356 <div class="widget-content">
358 <option>Select a Month...</option>
360 <option value="http://defaria.com/blogs/Status/2016/02/">February 2016</option>
364 <option value="http://defaria.com/blogs/Status/2014/09/">September 2014</option>
368 <option value="http://defaria.com/blogs/Status/2014/04/">April 2014</option>
372 <option value="http://defaria.com/blogs/Status/2014/03/">March 2014</option>
376 <option value="http://defaria.com/blogs/Status/2013/02/">February 2013</option>
380 <option value="http://defaria.com/blogs/Status/2012/09/">September 2012</option>
384 <option value="http://defaria.com/blogs/Status/2012/08/">August 2012</option>
388 <option value="http://defaria.com/blogs/Status/2012/05/">May 2012</option>
392 <option value="http://defaria.com/blogs/Status/2012/04/">April 2012</option>
396 <option value="http://defaria.com/blogs/Status/2012/02/">February 2012</option>
400 <option value="http://defaria.com/blogs/Status/2012/01/">January 2012</option>
404 <option value="http://defaria.com/blogs/Status/2011/10/">October 2011</option>
408 <option value="http://defaria.com/blogs/Status/2011/07/">July 2011</option>
412 <option value="http://defaria.com/blogs/Status/2010/09/">September 2010</option>
416 <option value="http://defaria.com/blogs/Status/2010/08/">August 2010</option>
420 <option value="http://defaria.com/blogs/Status/2010/04/">April 2010</option>
424 <option value="http://defaria.com/blogs/Status/2010/03/">March 2010</option>
428 <option value="http://defaria.com/blogs/Status/2010/02/">February 2010</option>
432 <option value="http://defaria.com/blogs/Status/2009/05/">May 2009</option>
436 <option value="http://defaria.com/blogs/Status/2009/04/">April 2009</option>
440 <option value="http://defaria.com/blogs/Status/2008/07/">July 2008</option>
444 <option value="http://defaria.com/blogs/Status/2008/05/">May 2008</option>
448 <option value="http://defaria.com/blogs/Status/2008/04/">April 2008</option>
452 <option value="http://defaria.com/blogs/Status/2008/03/">March 2008</option>
456 <option value="http://defaria.com/blogs/Status/2008/02/">February 2008</option>
460 <option value="http://defaria.com/blogs/Status/2008/01/">January 2008</option>
464 <option value="http://defaria.com/blogs/Status/2007/12/">December 2007</option>
468 <option value="http://defaria.com/blogs/Status/2007/11/">November 2007</option>
472 <option value="http://defaria.com/blogs/Status/2007/10/">October 2007</option>
476 <option value="http://defaria.com/blogs/Status/2007/09/">September 2007</option>
480 <option value="http://defaria.com/blogs/Status/2007/08/">August 2007</option>
484 <option value="http://defaria.com/blogs/Status/2007/07/">July 2007</option>
488 <option value="http://defaria.com/blogs/Status/2007/06/">June 2007</option>
492 <option value="http://defaria.com/blogs/Status/2007/05/">May 2007</option>
496 <option value="http://defaria.com/blogs/Status/2007/04/">April 2007</option>
500 <option value="http://defaria.com/blogs/Status/2007/03/">March 2007</option>
504 <option value="http://defaria.com/blogs/Status/2007/01/">January 2007</option>
508 <option value="http://defaria.com/blogs/Status/2006/12/">December 2006</option>
512 <option value="http://defaria.com/blogs/Status/2006/11/">November 2006</option>
516 <option value="http://defaria.com/blogs/Status/2006/10/">October 2006</option>
520 <option value="http://defaria.com/blogs/Status/2006/09/">September 2006</option>
524 <option value="http://defaria.com/blogs/Status/2006/07/">July 2006</option>
528 <option value="http://defaria.com/blogs/Status/2006/06/">June 2006</option>
532 <option value="http://defaria.com/blogs/Status/2006/05/">May 2006</option>
536 <option value="http://defaria.com/blogs/Status/2006/04/">April 2006</option>
540 <option value="http://defaria.com/blogs/Status/2006/03/">March 2006</option>
544 <option value="http://defaria.com/blogs/Status/2006/02/">February 2006</option>
548 <option value="http://defaria.com/blogs/Status/2006/01/">January 2006</option>
552 <option value="http://defaria.com/blogs/Status/2005/12/">December 2005</option>
556 <option value="http://defaria.com/blogs/Status/2005/11/">November 2005</option>
560 <option value="http://defaria.com/blogs/Status/2005/10/">October 2005</option>
564 <option value="http://defaria.com/blogs/Status/2005/09/">September 2005</option>
568 <option value="http://defaria.com/blogs/Status/2005/08/">August 2005</option>
572 <option value="http://defaria.com/blogs/Status/2005/07/">July 2005</option>
576 <option value="http://defaria.com/blogs/Status/2005/06/">June 2005</option>
580 <option value="http://defaria.com/blogs/Status/2005/05/">May 2005</option>
584 <option value="http://defaria.com/blogs/Status/2005/04/">April 2005</option>
588 <option value="http://defaria.com/blogs/Status/2005/03/">March 2005</option>
592 <option value="http://defaria.com/blogs/Status/2005/02/">February 2005</option>
596 <option value="http://defaria.com/blogs/Status/2005/01/">January 2005</option>
600 <option value="http://defaria.com/blogs/Status/2004/12/">December 2004</option>
604 <option value="http://defaria.com/blogs/Status/2004/09/">September 2004</option>
608 <option value="http://defaria.com/blogs/Status/2004/08/">August 2004</option>
612 <option value="http://defaria.com/blogs/Status/2004/07/">July 2004</option>
616 <option value="http://defaria.com/blogs/Status/2004/06/">June 2004</option>
620 <option value="http://defaria.com/blogs/Status/2004/05/">May 2004</option>
624 <option value="http://defaria.com/blogs/Status/2004/04/">April 2004</option>
628 <option value="http://defaria.com/blogs/Status/2004/03/">March 2004</option>
632 <option value="http://defaria.com/blogs/Status/2004/02/">February 2004</option>
636 <option value="http://defaria.com/blogs/Status/2004/01/">January 2004</option>
640 <option value="http://defaria.com/blogs/Status/2003/12/">December 2003</option>
644 <option value="http://defaria.com/blogs/Status/2003/11/">November 2003</option>
652 <div class="widget-syndication widget section">
653 <div class="widget-content">
654 <p><img src="http://defaria.com/mt/mt-static/images/status_icons/feed.gif" alt="Subscribe to feed" width="9" height="9" /> <a href="http://defaria.com/blogs/Status/atom.xml">Subscribe to this blog's feed</a></p>
662 <footer id="footer" role="contentinfo">
663 <div id="footer-inner">
664 <div id="footer-content">
665 <nav role="navigation">
667 <li><a href="http://defaria.com/blogs/Status/">Home</a></li>
673 <p class="license">© Copyright 2016.</p>
674 <p class="poweredby">Powered by <a href="http://www.movabletype.org/">Movable Type</a></p>
680 <script src="http://defaria.com/mt/mt-static/jquery/jquery.min.js"></script>
681 <script src="http://defaria.com/blogs/Status/mt-theme-scale2.js"></script>