01-26-2010 10:03 PM
Direct root login is disabled on all my servers. Now how can things be automated in this kind of environment? I made a second user with uid 0 and tried to use that for small tasks like user addition or running a script from one box to multiple, but it's being denied as the uid 0 is being captured as root's.
How can automation be done in such an environment, please? Would appreciate any help.
01-26-2010 10:09 PM
I think it's better if you use SUDO.
If you like to download it:
01-26-2010 10:31 PM
01-26-2010 10:42 PM
I want to create a user on multiple boxes sitting in one server. Now all the others have direct root login disabled. Now how to go about it please.
Similarly in case I want to have output like mirroring information and want to run some script from one server to all...
01-26-2010 11:48 PM
I just wanted to underline the fact that
" its being denied as the uid 0 is being captured as root's"
it is the normal behavior of any Unix-like OS, meaning that any program is looking at the UID, not at the user name. This is done by invoking getuid(). Two users with the same UID are treated in the same way.
01-27-2010 01:34 AM
Michael already suggested a good approach to the problem.
Once sudo is installed, you should play with visudo in order to configure access for the non-root user to the desired programs (/usr/sbin/useradd, whatever your script/scripts are).
01-27-2010 01:36 AM
Passwordless ssh doesn't help as direct root login is disabled on all the boxes. What else can be done, please?
01-27-2010 01:48 AM
You must create a common user on all your servers that you want to perform the tasks.
let's say you will create the user
On every managed server you must configure sudo for user maintenance to run useradd and
From your station, you can create a script that would perform the same tasks on all servers. This script would
ssh to your 1st server as maintenance,
ssh to your 2nd server as maintenance and so on...
01-27-2010 02:05 AM
Now, to perform root tasks like useradd one must have appropriate permission. Up to reaching the other box using ssh, things are fine, but as soon as 'sudo useradd..' comes, permission denied is being prompted.
01-27-2010 02:35 AM
In this case you did something wrong when configuring sudo. Review your sudoers (edit the sudoers file only with the visudo command!)
Cmnd_Alias PRIV_CMDS = /usr/sbin/useradd, /path_to_yourscript/yourscript
maintenance ALL= NOPASSWD: PRIV_CMDS
Save the file using the :wq command.
You can also specify /usr/sbin/ and all your executables from /usr/sbin will be executed by maintenance user.
This should do the job.
01-27-2010 08:39 AM
01-27-2010 08:54 AM
It is designed to "fan out" commands to a number of servers.
01-27-2010 12:52 PM
Playing with SSH and SUDO would require you to log into each system and have setup.
I will need to check "Distributed Systems Administration Utilities"
How about a dirty way of using expect?
Write some 10-15 liners by putting conditions in an expect program (you may switch to uid 0 later within the expect program, and that's what your system expects: to NOT log in as uid 0).
Put expect on either HPUX box or find expect in any redhat.
p.s. No points for a dirty way.
01-27-2010 02:55 PM
SSH access with a sudo implementation will work. It just takes some scripting to do it.
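
The SSH-plus-sudo scripting the replies describe, sketched as an added example that is not part of the original thread. It assumes the `maintenance` account from the replies has key-based SSH on every host and a NOPASSWD sudoers rule for `/usr/sbin/useradd`; the function names and the host list on stdin are hypothetical, and it only prints commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: fan one sudo-restricted command out to many hosts.
# Assumed: account "maintenance" with key-based SSH on every host, and a
# sudoers rule allowing it to run /usr/sbin/useradd with NOPASSWD.
LC_ALL=C; export LC_ALL          # make the a-z ranges below ASCII-only
REMOTE_USER="maintenance"
USERADD="/usr/sbin/useradd"      # full path must match the sudoers Cmnd_Alias
DRY_RUN="${DRY_RUN:-1}"          # 1 = print commands only, 0 = execute them

# Accept only conservative account names, so nothing in the name can be
# interpreted by the remote shell that ssh hands the command to.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Command executed on the remote side. "sudo -n" fails instead of prompting,
# so a missing or mistyped NOPASSWD rule shows up as an error, not a hang.
remote_cmd() {
    printf 'sudo -n %s -m %s' "$USERADD" "$1"
}

# Run (or, in dry-run mode, print) the command for one host. BatchMode makes
# ssh fail rather than ask for a password; -n keeps it off the host list on stdin.
run_on_host() {
    cmd=$(remote_cmd "$2")
    if [ "$DRY_RUN" = 1 ]; then
        printf 'ssh -n -o BatchMode=yes -o ConnectTimeout=10 %s@%s %s\n' "$REMOTE_USER" "$1" "$cmd"
    else
        ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$REMOTE_USER@$1" "$cmd"
    fi
}

# Read hosts from stdin (one per line, '#' comments allowed) and report
# every host where the command failed. Usage: fan_out alice < hosts.txt
fan_out() {
    newuser=$1; failed=0
    valid_username "$newuser" || { echo "invalid username: $newuser" >&2; return 2; }
    while read -r host rest; do
        case "$host" in ''|'#'*) continue ;; esac
        run_on_host "$host" "$newuser" || { echo "FAILED: $host" >&2; failed=1; }
    done
    return "$failed"
}
```

Because the sudoers rule names the full path, the script calls `/usr/sbin/useradd` by that same path; a bare `useradd` resolved differently on the remote side would not match the rule.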