HPE Community
Operating System - HP-UX
1752564 Members
5157 Online
108788 Solutions
New Discussion юеВ

Re: Executing MC/SG Cluster Commands by user other than root

 
roobala
Frequent Advisor

тАО12-10-2000 10:15 PM

тАО12-10-2000 10:15 PM

Executing MC/SG Cluster Commands by user other than root

Dear all

I am having MC/SG Installed and Configured
on HPUX 11.00 HP 9000 L-1000 Servers.
Now Only system Administrator is checking cluster status by cmviewcl.

How to make this "cmviewcl" command available to users other than ROOT.
Thanks in Advance,
Roobala
0 Kudos
Reply
7 REPLIES 7
Carlo Henrico_1
Regular Advisor

тАО12-10-2000 11:26 PM

тАО12-10-2000 11:26 PM

Re: Executing MC/SG Cluster Commands by user other than root

Try SUDO. This is a software package (free) which give a user the rights to execute commands "as if" he were the root user. Small bit of configuration to be done but I found it works very well.

sudo can be obtained from the porting center or from www.courtesan.com

Good luck
Live fast, die young - enjoy a good looking corpse!
0 Kudos
Reply
Rainer Weinmann
New Member

тАО12-11-2000 12:42 AM

тАО12-11-2000 12:42 AM

Re: Executing MC/SG Cluster Commands by user other than root

Try the following: Create a file called cmclnodelist under /etc/cmcluster in which you put all the users who are allowed to execute the cluster commands with the ip-address on which they connect; don't forget to include root, eg. ip.ip.ip.ip user
0 Kudos
Reply
roobala
Frequent Advisor

тАО12-11-2000 04:58 AM

тАО12-11-2000 04:58 AM

Re: Executing MC/SG Cluster Commands by user other than root

Hi Rainer,

cmclnodelist worked, but I think that user will be able to
halt and run cluster/pkg/node.
I wanted that user to view only(cmviewcl).

Any suggestions

Regards
Roobala
0 Kudos
Reply
Darrel Louis
Honored Contributor

тАО12-11-2000 05:10 AM

тАО12-11-2000 05:10 AM

Re: Executing MC/SG Cluster Commands by user other than root

Roobala,

If you just want users to run some commands, sudo is the best solution.
This will log everything users are doing.

Good Luck
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО12-11-2000 05:20 AM

тАО12-11-2000 05:20 AM

Re: Executing MC/SG Cluster Commands by user other than root

Hi:

From the MC/SG 11.05 documentation, it looks like the cmclnodelist file extensions enable the cmviewcl ability only.

http://docs.hp.com/hpux/onlinedocs/B3935-90015/B3935-90015.html

...JRF...
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО12-11-2000 07:08 AM

тАО12-11-2000 07:08 AM

Re: Executing MC/SG Cluster Commands by user other than root

James is right,
the cmclnodlist seems to apply only to the extension of permissions to run the cmviewcl command.
At least on my system the mere mortal accounts (i.e. $> > 9) cannot submit any cm* commands other than cmviewcl.
I for instance, put the www account (an account with usually very restricted privileges) in the cmclnodelist to have my CGI scripts also display the cluster's status (possibly a somewhat lenient measure for the paranoid)
Madness, thy name is system administration
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО12-11-2000 12:35 PM

тАО12-11-2000 12:35 PM

Re: Executing MC/SG Cluster Commands by user other than root

Another idea for you is to use a restricted sam for the user.

As root
# /usr/sbin/sam
Actions -> add custom application
give it a Label -> command should be /usr/sbin/cmviewcl -v and execute using root's id. After it's added test it out as root.

# /usr/sbin/sam -r
Select the user's id, select the custom app you added, Actions -> enable -> Actions -> save privileges. Exit sam.

Now your user should be able to execute cmviewcl from within sam and wihtout loading additional software.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.