
How can you run an SFTP through pbrun


pbrun mode allows you to get elevated access privileges, usually identified by a group id along with a user id, which is generally an application id. Once you have those privileges, a lot can be done.

Based on your last statement of the problem, I think you can just do a normal copy to a temp location on the same server and change the ownership/permissions (chown/chmod) to allow usage of the files/directories by your normal id.

Once you are done with your work, remove the files or reverse the permissions as before, depending on what you selected.

On the other hand, if you want to explore sftp and ftp, info goes below:

sftp requires you to set up ssh keys before you can do an ftp. So I think there are two ways to tackle the problem:

1) Use normal ftp, where you can specify the username when you connect to a destination server. This will be the simplest solution which should work. Cons: unencrypted file transfer.

2) You may set up ssh keys on the Windows server and allow the application id for logon.

The other thing you should be concerned about is the ftp service itself on the Windows machine, whether it is there or not.


Basically, you are trying to do the following:

tar cf - file1 file2 | /bin/tar -xf - -C /some/path/directory

You just want the extract to be done on a remote system and the contents encrypted along the network channel. PowerBroker can be used as a transport channel to move the data. By default, all PowerBroker network traffic is encrypted. You would also need a policy that would allow the command. Try the following:

tar cf - file1 file2 | pbrun -h <target_host> -u <target_user> pbcp

You would need a policy to the effect:

if ( user in {"cire", "wax"}
    && command=="pbcp"
    && requestuser in {"oracle", "root", "other", "allowed", "users" }) {
  runcommand = "/bin/tar";
  runargv = { "/bin/tar", "-xf", "-", "-C", "/some/path/directory" };
  SetRunEnv(requestuser);
  accept;
}


One of my co-workers showed me a neat trick to get around the pbrun/sftp issue. I can simply create a temp directory where both I and the daemon have access and then copy the files I want to transfer to the temp directory. Then, I can use my normal credentials to SFTP the files onto my PC. It's hackish (you ultimately will need 2 copies of the file to do this), but it works.
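
The temp-directory approach from the first and last answers, written so the staged copies are readable by one group only and are removed afterwards. This is an added example, not code from any of the posters; the function names, the STAGE_BASE variable and the group argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. stage_files, unstage,
# STAGE_BASE and the group argument are hypothetical names.

# stage_files GROUP FILE...  -> prints the new staging directory.
# Run under the elevated id; GROUP is a group your normal id belongs to.
stage_files() (
    [ "$#" -ge 2 ] || exit 1
    group=$1; shift
    umask 077                          # private until the copy is complete
    dir=$(mktemp -d "${STAGE_BASE:-/tmp}/stage.XXXXXX") || exit 1
    for f in "$@"; do
        # Copy regular files only: a symlink could point the elevated
        # id at data that was never meant to leave its directory.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            rm -rf -- "$dir"; exit 1
        fi
        cp -- "$f" "$dir/" || { rm -rf -- "$dir"; exit 1; }
    done
    # Open the directory to one group, never to "other".
    chgrp -R "$group" "$dir" || { rm -rf -- "$dir"; exit 1; }
    find "$dir" -type f -exec chmod 640 {} +
    chmod 750 "$dir"
    printf '%s\n' "$dir"
)

# unstage DIR  -> removes a directory created by stage_files, nothing else.
unstage() {
    case $1 in
        *..*) return 1 ;;
        "${STAGE_BASE:-/tmp}"/stage.*) rm -rf -- "$1" ;;
        *) return 1 ;;
    esac
}
```

Call stage_files from the elevated session, fetch the printed directory over SFTP with your normal credentials, then call unstage on it from the elevated session so the second copy does not linger.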