Remctl

=Remctl=

Here is a list of all the remctl commands that are running on various UGCS servers. In general, scripts get put in /usr/local/share/remctl or /usr/local/lib/remctl. The command configurations are in /etc/remctl/conf.d, and that will point to the paths if they're somewhere else.

Note: these lists are probably horribly out of date.

You can run a remctl command by running "remctl  [arg1 arg2 ...]". An example is remctl hermes mailman create mylist to create a new list. Note that you cannot pipe anything to standard input, but you do get stdout, stderr, and the correct exit code.

Config files
Remctld is controlled by files in /etc/remctl/conf.d. These are conf files of the format package task executable aclspec Package and task are so remctl knows which one to run- they are completely arbitrary (usual name restrictions apply). Executable is the program that should be run. It needs to be +x, but not suid. aclspec is usually a file (typically in /etc/remctl/acl), which is a list of users authorized to run this script (one on a line, like jdhutchin@UGCS.CALTECH.EDU). It can also be "ANYUSER", which means anyone with a valid kerberos token can run it.

An example is: mailman create /usr/local/lib/remctl/create_mailinglist ANYUSER

Scripts
Scripts should be pretty robust, since they are being run as root. Particularly, double-check anything being used in a command or filename. For anything more than slightly complicated, a python script is preferred over a shell script- it makes it much easier to validate input. The following environment variables are set:
 * REMOTE_USER: kerberos name (xxx@UGCS.CALTECH.EDU) of the remote user
 * REMOTE_IP: ip of remote host

Poseidon

 * postgres
 * setup-tsearch2: Installs tsearch2 for the current user
 * setup-plpgsql: Installs plpgsql for the current user

Hermes

 * mailman (/usr/local/lib/remctl)
 * create : creates the named list
 * mylists: lists all lists owned by the current user
 * list_members : lists members of the named list (you must be the list owner)
 * list_owners : lists the owners of the named list
 * add_members [member2 ...]: Adds users to the list.  No notifications are sent
 * remove_members [ member2 ...]: Removes users from the list
 * set_spam_tag Sets amavisSpamTag2Level to level for the list
 * set_spam_kill Sets amavisSpamKillLevel to level for the list

Dionysus

 * jobs
 * remove : removes the specified job drop file if it is owned by the caller
 * kadmin
 * create : creates the named principal (and the _cgi one as well) for the account creator.  All principals are created disabled and will have to be enabled by a sysadmin.

Demeter

 * There are a couple on demeter that deal with updating apache config files after a vhost is changed. They are on here to help deal with the possibility of having multiple web servers.
 * vhost
 * setup: creates a folder for the user in /afs/.ugcs/drop/vhost
 * update: re-creates the apache configuration files for a user's vhosts, and reloads apache unless /etc/apache2/noreload is present

Shellservers

 * apt
 * update: Runs aptitude update
 * update_db: Re-copies /var/cache/debconf/db and the dpkg selection list from the image server
 * set_selections: Makes our current selections match the selection list.  An intelligent python program compares the list and figures out the necessary diffs.