https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941260#M699583 thanks to all! Thu, 24 Nov 2005 08:38:40 GMT Henk Geurts 2005-11-24T08:38:40Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941253#M699576 hi Guys.<BR />i want to let every use use the cmviewcl command.<BR />I know that version 11.16 uses Access Control Policy Parameters, but don't want to add 200 users in the ascii file....<BR />don't want to fix it with sudo either...<BR /><BR />adding a + sign to cmclnodelist doesn't work in this version...<BR /><BR />Can you help ?<BR /><BR /> Thu, 17 Nov 2005 02:05:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941253#M699576 Henk Geurts 2005-11-17T02:05:01Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941254#M699577 You have very limited options.<BR />I would suggeset to go with sudo. Thu, 17 Nov 2005 02:33:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941254#M699577 RAC_1 2005-11-17T02:33:13Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941255#M699578 Create a MONITOR role for everyone in the cluster ascii file.<BR />Take a look at page 278 of the managing Serviceguard manual for 11.16 at:<BR /><A href="http://docs.hp.com/en/B3936-90079/B3936-90079.pdf" target="_blank">http://docs.hp.com/en/B3936-90079/B3936-90079.pdf</A> Thu, 17 Nov 2005 02:33:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941255#M699578 melvyn burnard 2005-11-17T02:33:20Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941256#M699579 thanks <BR />but is there a way to apply wild cards in the clusterascii file so all users can monitor?<BR />USER_NAME *<BR />USER_HOST *<BR />USER_ROLE MONITOR<BR /><BR />doesn't do the trick.<BR /> Thu, 17 Nov 2005 03:27:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941256#M699579 Henk Geurts 2005-11-17T03:27:25Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941257#M699580 Again, read the manual, you will see that allowed entries are:<BR />ANY_USER or up to 8 user names as per the password file ;in this case use ANY_USER<BR /><BR />ANY_SERVICEGUARD_NODE<BR />ANY_CLUSTER_NODE<BR />or a specfific node name, in this case use ANY_SERVICEGUARD_NODE<BR /><BR /><BR /><BR /> Thu, 17 Nov 2005 05:07:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941257#M699580 melvyn burnard 2005-11-17T05:07:59Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941258#M699581 Henk,<BR /><BR />I would suggest a carefully written suid script that runs the command as root, just as passwd lets users update the passwd file which root owns and is the only authorized writer.<BR /><BR />This is a security hazard if poorly written.<BR /><BR />Also Just because you want to give cmviewcl to all users does not make it a good idea.<BR /><BR />Another suggestion:<BR /><BR />Have cron run a cmviewcl status report, regularly to /tmp directory and let all users view the output.<BR /><BR />My second suggestion has the advantage of not being a security hazard.<BR /><BR />SEP Thu, 17 Nov 2005 05:19:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941258#M699581 Steven E. Protter 2005-11-17T05:19:43Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941259#M699582 To permit anyone to use cmviewcl, configure the cluster ASCII file with:<BR /><BR />USER_NAME ANY_USER<BR />USER_HOST ANY_SERVICEGUARD_NODE<BR />USER_ROLE MONITOR<BR /><BR />cmapplyconf can be done while the cluster is running.<BR /> Thu, 17 Nov 2005 08:36:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941259#M699582 Stephen Doud 2005-11-17T08:36:04Z https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941260#M699583 thanks to all! Thu, 24 Nov 2005 08:38:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/serv-guard-11-16-cmviewcl-for-all-200-users-how-to/m-p/4941260#M699583 Henk Geurts 2005-11-24T08:38:40Z