BladeSystem Forums have moved here
To make BladeSystem information easier to find, we have moved the BladeSystem forums here, to Servers and Operating Systems.
System Administration
Showing results for 
Search instead for 
Do you mean 

Problem regarding creating a new policy for powerbroker

Highlighted
Frequent Advisor

Problem regarding creating a new policy for powerbroker

Hi All,

 

I'm trying to create a new policy for powerbroker, which allows users to run a script as root. But, I'm not able to do so. Please, help.

# cat /etc/pb.conf
##############################################################################

include "/etc/pb/diskusage.conf";
include "/etc/pb/catchall.conf";
print("Fell through PowerBroker configuration. Please notify Summit System Support.");

reject;

# cat /etc/pb/diskusage.conf
all_diskusage_auth={
"ashutosh",
"root"
};

 

if ( ( user !all_diskusage_auth ) && ( command == "diskusage" ) ) {
reject "You are not authorized to use diskusage.";

# OK, user is authorized to use diskusage. Test for ownership in no-diskusage
# is done in shell code.

} else if ( ( user in all_diskusage_auth ) && ( command == "diskusage" ) ) {
runuser = "root";
runcommand = "/opt/summit/util/pb/diskusage";
accept;
}

# cat /opt/summit/util/pb/diskusage
#!/usr/bin/sh

##########################################################################
# Get the disk usage for all directories in /develop/home and
# log the results to a logfile in /tmp. Change the ownership
# of the logfile to the user "mcook" and move the file to the
# "mcook" home directory.
##########################################################################

##########################################################################
# Set up internal script variables.
##########################################################################

DATE=`date +"%m%d%y"`
LOG=ulog.${DATE}

##########################################################################
# Clean up any old logfiles, if present.
##########################################################################
echo "super run" >>/tmp/superrun
if [ -e /tmp/${LOG} ] ; then
rm -f /tmp/${LOG}
fi
if [ -e ~mcook/${LOG} ] ; then
rm -f ~mcook/${LOG}
fi

##########################################################################
# Change dir. to /develop/home and record the dir. usage.
##########################################################################

cd /develop/home
du -k -s * > /tmp/${LOG} 2>&1

##########################################################################
# Make sure final ownership and permissions on the logfile
# are correct, and move the file to the "mcook" home dir.
##########################################################################

chmod 644 /tmp/${LOG}
chown mcook:develop /tmp/${LOG}
mv /tmp/${LOG} ~mcook

exit 0

 

 

$ pbsu2 diskusage
pbrun7.0.0-08[7056]: ERROR: The specified security file was not found.

 

Regards,

Ashutosh Singh