1 The Remote-SCSI protocol gives you SCSI-Anywhere features.
3 The protocol used by netscsid is based on rscsi from the cdrtools, developed by
4 Joerg Schilling. However, no guarantee for the compatibility or reliability can
5 be made. This documentation is based on rscsi documentation from Joerg
6 Schilling, but is not identical to the original.
8 There are three possible ways to control access to the remote users:
10 - Let the remote scsi lib log in as a standard user.
11 In this case netscsid will be called via sh -c netscsid /usr/sbin/netscsid
12 NOTE: In this case, netscsid must be installed suid root.
13 --- This would need to allow any valid local user to access SCSI ----
14 It could be a security problem.
16 - Log in as root and call netscsid via sh -c netscsid
17 NOTE that this will fore you to allow remote logins as root
18 which is considered to be a security hole.
20 - Create one or more special user(s) that have netscsid
21 as login shell with their own home directory.
22 You then may create special .rhosts files for each user.
23 NOTE: In this case, netscsid must be installed suid root.
24 **** This is the preferred method ****
26 To enable remote SCSI via the login shell method you should do the following:
28 - Install netscsid into /usr/sbin. It can be set suid-root if neccessary, see
29 security section below.
31 - Install a file /etc/netscsid.conf and define access rights.
32 Without this file, netscsid will not work at all.
33 The template for this file is: netscsid/netscsid.dfl
35 - For the special user method, create a user account. This can be done with a
36 frontend like adduser or useradd, if available. The user should have /usr/sbin/netscsid as the login shell.
37 If there is no frontend tool, try this:
39 + Add an entry to /etc/passwd in the form:
41 netscsid:x:1999:1000:Tape:/home/netscsid:/usr/sbin/netscsid
43 (modify this according to your OS). And don't forget to
44 modify /etc/shadow the way it needs to be on your OS.
46 + Create the home directory for this user, adapt the user/group ownership
49 - if you use SSH as the login shell (via appropriate RSH environment variable
50 or a symlink to "rsh" which is the case for many Linux distribution),
51 consult the ssh documentation for details.
52 Note that SSH requires sufficiently powered client/server systems to
53 encrypt/decrypt data in realtime.
55 - if you use traditional rsh, add a .rhosts file to this directory to allow
56 access to all users you like (see rsh documentation)
60 - When netscsid starts, it checks if /etc/netscsid.conf exists.
63 - If netscsid is not called by a user listed in /etc/netscsid.conf
66 - To access a SCSI target there must be an entry that lists the user
67 rcsi hast been started from, the hostname and the SCSI target.
69 netscsid compares the hostname field in /etc/netscsid.conf
70 to the peername retrived from STDIN:
72 - legal host name IP connection
73 - "ILLEGAL_SOCKET" Not an IP socket
74 - "NOT_IP" Not a socket
76 NETSCSID Security hints:
78 - Do not generally allow other users to see your boot disk via NETSCSID.
79 All people who see this disk may edit your passwd file. This especially
80 applies to suid-root usage. For non-suid-root, check the access permissions.
82 - If you are in doubt, only export CD-ROM drives, scanners and similar
83 devices that are not directly security sensitive.
85 If anybody sees a security hole in my security precautions, please send me a mail!
89 - To use remote SCSI devices you need to know how to access a specific remote
92 - dev=REMOTE:host: or dev=REMOTE:host
93 will allow you to do SCSI bus scanning while you log in as yourself
95 - dev=REMOTE:user@host: or dev=REMOTE:user@host
96 will allow you to do SCSI bus scanning while you log in as "user"
98 If you use the setup described above, you should use:
100 dev=REMOTE:netscsid@babbel:
102 to do SCSI Bus scanning on host babbel
104 - To access a specific SCSI device, you must specify
105 dev=REMOTE:host:<target spec> or dev=REMOTE:user@host:<target spec>
106 <target spec> is the SCSI target specification as it is needed
109 dev=REMOTE:netscsid@babbel:1,3,0
111 Will let you log in as netscsid on host babbel and open Target 3 lun 0
114 - If you use wodim -vv ...., wodim will on startup print some
115 information about the remote libscg version used for the connection.
117 - To be able to use the remote SCSI client code from win32 you need to create
118 a file /etc/passwd with a correct entry for the user you are on win32.
119 Call 'id' to get the right user id.
120 Note that remote SCSI has not yet been tested on Win32.
124 - On a Ultra-10 running Solaris 8, the command overhead time is 400 usec.
125 You may achieve up to 9900 kB/s via a 100MB/s ethernet connection
126 between two of such machines.
128 - With 100 MB/s, 12x recording should be no problem.
130 - With 10 MB/s, 4x recording is the maximum. Do tests before!
132 - Logging into a remote machine and running wodim on the remote machine
133 causes the buffer cache on that machine to be trashed. The main user
136 - Doing cdrecording via Remote SCSI causes only the netscsid command with less
137 than 200kB to be needed on the remote machine hosting the CD recorder.
138 The main user on that machine is not disturbed.
139 The buffer cache of the machine running wodim is trashed.
141 - It is desirable to use a Burn-Proof recorder to make sure that network
142 load will not cause buffer underruns.
145 - USER= test and test for hostname are using a pattern matcher.