Here is a list of all the remctl commands that are running on various UGCS servers. In general, scripts get put in /usr/local/share/remctl or /usr/local/lib/remctl. The command configurations are in /etc/remctl/conf.d, and that will point to the paths if they're somewhere else.
Note: these lists are probably horribly out of date.
You can run a remctl command by running "remctl <host> <package> <task> [arg1 arg2 ...]". An example is
remctl hermes mailman create mylist
to create a new list. Note that you cannot pipe anything to standard input, but you do get stdout, stderr, and the correct exit code.
Remctld is controlled by files in /etc/remctl/conf.d. These are conf files of the format
package task executable aclspec
Package and task are so remctl knows which one to run- they are completely arbitrary (usual name restrictions apply). Executable is the program that should be run. It needs to be +x, but not suid. aclspec is usually a file (typically in /etc/remctl/acl), which is a list of users authorized to run this script (one on a line, like jdhutchin@UGCS.CALTECH.EDU). It can also be "ANYUSER", which means anyone with a valid kerberos token can run it.
An example is:
mailman create /usr/local/lib/remctl/create_mailinglist ANYUSER
Scripts should be pretty robust, since they are being run as root. Particularly, double-check anything being used in a command or filename. For anything more than slightly complicated, a python script is preferred over a shell script- it makes it much easier to validate input. The following environment variables are set:
- REMOTE_USER: kerberos name (xxx@UGCS.CALTECH.EDU) of the remote user
- REMOTE_IP: ip of remote host
- setup-tsearch2: Installs tsearch2 for the current user
- setup-plpgsql: Installs plpgsql for the current user
- mailman (/usr/local/lib/remctl)
- create <list>: creates the named list
- mylists: lists all lists owned by the current user
- list_members <list>: lists members of the named list (you must be the list owner)
- list_owners <list>: lists the owners of the named list
- add_members <list> <member1> [member2 ...]: Adds users to the list. No notifications are sent
- remove_members <list> <member1> [ member2 ...]: Removes users from the list
- set_spam_tag <list> <level> Sets amavisSpamTag2Level to level for the list
- set_spam_kill <list> <level> Sets amavisSpamKillLevel to level for the list
- remove <filename>: removes the specified job drop file if it is owned by the caller
- create <name> <password>: creates the named principal (and the _cgi one as well) for the account creator. All principals are created disabled and will have to be enabled by a sysadmin.
- There are a couple on demeter that deal with updating apache config files after a vhost is changed. They are on here to help deal with the possibility of having multiple web servers.
- setup: creates a folder for the user in /afs/.ugcs/drop/vhost
- update: re-creates the apache configuration files for a user's vhosts, and reloads apache unless /etc/apache2/noreload is present
- update: Runs aptitude update
- update_db: Re-copies /var/cache/debconf/db and the dpkg selection list from the image server
- set_selections: Makes our current selections match the selection list. An intelligent python program compares the list and figures out the necessary diffs.