
Re: Automation

 
Spark_2
Frequent Advisor

Automation

Hi,

Direct root login is disabled in all my servers. Now how can things be automated in such kind of environment? I made a second user with uid 0 and tried to use that for small tasks like user addition or running of a script from one box to multiple, but it's being denied as the uid 0 is being captured as root's.

How can automation be done in such kind of an environment please. Would appreciate any help.
16 REPLIES
Michal Kapalka (mikap)
Honored Contributor

Re: Automation

Hi,

I think it's better if you use SUDO.

If you like to download it:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.7.2p1/

mikap
Jupinder Bedi
Respected Contributor

Re: Automation

Install sudo on your system and you can do all your system administrator tasks accordingly.
All things excellent are as difficult as they are rare
Spark_2
Frequent Advisor

Re: Automation

I already have sudo on my boxes. Please consider the scenario:

I want to create a user on multiple boxes sitting in one server. Now all the others have direct root login disabled. Now how to go about it please.

Similarly in case I want to have output like mirroring information and want to run some script from one server to all...
Horia Chirculescu
Honored Contributor

Re: Automation

Hello

I just wanted to underline the fact that

"it's being denied as the uid 0 is being captured as root's"

It is the normal behavior of any Unix-like OS, meaning that any program is looking at the UID, not at the user name. This is done by invoking getuid(). Two users with the same UID are treated in the same way.

Horia.
Best regards from Romania,
Horia.
Spark_2
Frequent Advisor

Re: Automation

Thanks Horia, I understand that fact now.

Someone please help with the basic problem also
Horia Chirculescu
Honored Contributor

Re: Automation

Hello,

Michal already suggested a good approach to the problem.

Once sudo is installed, you should play with visudo in order to configure access for the non-root user to the desired programs (/usr/sbin/useradd, whatever your script/scripts are)

man sudo

man visudo.

Best regards
Horia.
Best regards from Romania,
Horia.
Spark_2
Frequent Advisor

Re: Automation

It's not just within this server that I want to do things... I want to configure a central from where scripting could be done to perform things on several other servers.

Passwordless ssh doesn't help as direct root login is disabled on all the boxes. What else can be done please?
Horia Chirculescu
Honored Contributor

Re: Automation

> It's not just within this server that I want to do things... I want to configure a central

You must create a common user on all your servers that you want to perform the tasks.

Let's say you will create the user maintenance.

On every managed server you must configure sudo for user maintenance to run useradd and

From your station, you can create a script that would perform the same tasks on all servers. This script would

ssh to your 1st server as maintenance,
sudo


ssh to your 2nd server as maintenance and so on...


Best regards,
Horia.
Best regards from Romania,
Horia.
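The approach described in the post above, as an added example that is not part of the original thread: a central script that logs in to each server as the unprivileged user and runs one sudo-restricted command. The host names, the `-m` option, the dry-run switch and the sudoers rule shown in the comment are assumptions; only the user `maintenance` and `/usr/sbin/useradd` come from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumed on every managed host: key-based ssh login for "maintenance" and
# this rule, installed with visudo, limiting it to a single command:
#   maintenance ALL=(root) NOPASSWD: /usr/sbin/useradd
LC_ALL=C; export LC_ALL            # make the [a-z] range below ASCII-only
ADMIN_USER=maintenance
HOSTS="${HOSTS:-hostA hostB}"      # constructed host names
DRY_RUN="${DRY_RUN:-1}"            # 1 = only print the ssh commands

# Accept only plain login names. ssh joins its arguments into one string
# that the remote shell parses again, so metacharacters must never reach it.
valid_login() {
    case "$1" in
        ''|*[!a-z0-9_]*|[0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command line to execute on the remote host.
# sudo -n fails at once instead of prompting when no NOPASSWD rule matches.
remote_cmd() {
    valid_login "$1" || return 1
    printf 'sudo -n /usr/sbin/useradd -m %s' "$1"
}

# Run (or, in dry-run mode, print) the command on every host in $HOSTS.
add_user_everywhere() {
    cmd=$(remote_cmd "$1") || { echo "invalid login name: $1" >&2; return 2; }
    failed=0
    for h in $HOSTS; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "ssh -o BatchMode=yes $ADMIN_USER@$h $cmd"
        elif ! ssh -o BatchMode=yes "$ADMIN_USER@$h" "$cmd" </dev/null; then
            echo "FAILED on $h" >&2    # keep going, report at the end
            failed=1
        fi
    done
    return $failed
}
```

Call `add_user_everywhere <login>`; with `DRY_RUN=0` the commands are executed over ssh, and running `sudo -l` as `maintenance` on a host shows which commands its sudoers rule actually allows.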
Spark_2
Frequent Advisor

Re: Automation

I added a user 'maintenance' and made its entry passwordless in the sudoers file.

Now to perform root tasks like useradd one must have appropriate permission. Until reaching the other box using ssh, things are fine, but as soon as 'sudo useradd..' comes, permission denied is being prompted.