pbmakeremotetar makes a clone of a configuration for a binary and configuration-compatible target environment for Endpoint Privilege Management for Unix and Linux.

pbmakeremotetar is a menu-driven, interactive installation script. It enables the superuser installer to install, update, or reconfigure Endpoint Privilege Management for Unix and Linux as required by configuration changes or updates. pbmakeremotetar properly configures (as appropriate) /etc/services, the superdaemon configuration files (/etc/inetd.conf and/or /etc/xinetd.conf), and Endpoint Privilege Management for Unix and Linux for most execution environments.

pbmakeremotetar must be executed where the default directory is the directory in which pbmakeremotetar resides or the parent directory to the directory containing pbmakeremotetar.

An initial screen appears, reminding the user about the function of pbmakeremotetar. A prompt also appears, allowing a SIGINT (CTRL+C) to abort the script.

When the script continues, it determines the switches that are necessary for tar to function as desired. A list of files to transfer to the target system is generated and presented to the user for approval or editing.

When the file list is accepted, a tarball file that contains the selected files is created, with the specified tarfilename and with the additional file type of tar appended. The remote_unpack script is generated. Finally, a tarball file that contains both the first tarball file and the remote_unpack script is generated at the location that is specified by tarfilename.

After the final tarball file is created, it must be made available to the target systems. This can be done in any manner that preserves the security and binary integrity of the tarball file.

An installation work directory should be selected other than /tmp (for the same reasons as with pbinstall). The tarball file should be unpacked with the following commands:

$ cd {installation_directory}
$ tar -xvf {tarfilename_on_local_system}
$ ./remote_unpack

The remote_unpack script unpacks the encapsulated tarball file into the proper locations. The script then prompts you to allow the configuration of the system (/etc/services, superdaemon configuration files). If you allow this configuration, then these configuration files are automatically modified with the appropriate superdaemons instructed to reload their databases. If you decide not to do the configuration at this time, then the name of the script to continue with the configuration is displayed and the script exits.

For policy server target installations, an initial installation (using pbinstall) must be done before a target remote install. Doing so ensures the proper handling of all licensing issues.

Different target system installation (working) directories should be used for different prefix and/or suffix versions of cloned installations.

Encrypted policy files are not scanned for included policy files. You must process the encrypted policy files by restoring the unencrypted ones before running pbmakeremotetar, or by manually moving the encrypted files.

If the settings file is encrypted, then pbmakeremotetar does not work. An unencrypted version of the settings file must be restored before pbmakeremotetar can work. An encrypted policy file is not handled properly.

For details about including encrypted policy files or policy subfiles, please see pbmakeremotetar Installation Information.


pbmakeremotetar [options] tarfilename
pbmakeremotetar -h



Includes all Endpoint Privilege Management for Unix and Linux installation types.

-b Runs in batch mode (no confirmation prompts).
-c Includes submit host software for target system.
-h Displays this usage text and exits.
-l Includes log host software for target system.
-m Includes policy server software for target system.
-p prefix Sets the Endpoint Privilege Management for Unix and Linux installation prefix.
-r Includes run host software for target system.
-s suffix Sets the Endpoint Privilege Management for Unix and Linux installation suffix.

Rebuilds off of a previously generated file name list.


Displays the script version and exits.

-w dirspec

Specifies the work directory to use when the directory containing pbmakeremotetar is read-only (for example, on a CD).

-x Includes log synchronization host software for target system.
-A Set the Application ID for RNS Client Registration.
-K Set the Application Key for RNS Client Registration.
-D Set the address of the primary server for RNS Client Registration.
-P Set the port for the primary policy server for RNS Client Registration.
-N Set the Registration Profile name for RNS Client Registration.

Specifies the name of the tarball file to create (may include the full path).

Any combination of -c, -g, -l, -r, and -m may be specified if the current installation has those components.

Registry Name Service (RNS) Support

Any new RNS-enabled Endpoint Privilege Management for Unix and Linux installation must register with the RNS primary server to use the RNS features. pbmakeremotetar creates an RNS registration script to be included in the generated tar ball, and is extracted as /opt/pbul/scripts/<prefix>pbrnscfg.sh<suffix> by remote_unpack on the target host. remote_unpack also calls pbremoteinstall, which in turn, automatically invokes the RNS registration script. The script displays prompts asking for the necessary registration information (RNS Primary Server’s appid/appkey/address/port#).

pbmakeremotetar also offers the user a choice to save their appid/appkey info to make it available for pbrnscfg.sh. However, this feature is provided only as a convenience. If you want to safeguard the appid/appkey info, decline pbmakeremotetar’s offer and just use the interactive prompt of pbrnscfg.sh when running on the target host.

If you are agreeable to saving the appid/appkey info, pbmakeremotetarcreates the input file which is written to /etc/.<prefix>pbrnscfg.in<suffix> on the target host. The RNS registration script automatically looks for this hidden input file, thus skipping the interactive prompts.


Not applicable

For more information, please also see the following: