HPE Community
Operating System - HP-UX
1833299 Members
3106 Online
110051 Solutions
New Discussion

Re: cmviewcl for normal users not working

 
Rob Fisher
Advisor

‎02-21-2005 08:22 AM

‎02-21-2005 08:22 AM

cmviewcl for normal users not working

I have two clusters where cmviewcl has stopped working for users other than root. They are set up to use the .rhosts method and I have checked their .rhosts files but they all look good.

I'm really not sure what has happened because this has been working for them for some time now and it all of the suden stopped working.

I took a look at some other posting that suggested recycling inetd and making sure that the hacl... services were set up in inetd.conf and services. These did not resolv the problem. Also these servers were just rebooted over the weekend per their normal schedule. I am not sure where to go from here. Any suggestions?
May the winds of life keep you on the right tack
0 Kudos
Reply
4 REPLIES 4
steven Burgess_2
Honored Contributor

‎02-21-2005 08:31 AM

‎02-21-2005 08:31 AM

Re: cmviewcl for normal users not working

Hi Rob

Have you checked out the file

/etc/cmcluster/cmclnodelist

In here you define users to allow them to run cmviewcl.

The file should match on all nodes in the cluster

ie

steven
steven

HTH

Steven
take your time and think things through
0 Kudos
Reply
Rob Fisher
Advisor

‎02-21-2005 08:35 AM

‎02-21-2005 08:35 AM

Re: cmviewcl for normal users not working

I'm sorry I should have mentioned that as well in my question. We looked at using cmnodelist origianlly but decided to just use .rhosts instead.
May the winds of life keep you on the right tack
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎02-21-2005 08:37 AM

‎02-21-2005 08:37 AM

Re: cmviewcl for normal users not working

To allow non-root user to execute cmviewcl, you need edit your /etc/cmcluster/cmclnodelist file on each node and place the following lines:

node1 user1
node1 user2

node2 user1
node2 user2
Good Luck..
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎02-22-2005 01:24 AM

‎02-22-2005 01:24 AM

Re: cmviewcl for normal users not working

What version of ServiceGuard are you using?

11.16 has role based security now...

MC/SG 11.15 and older

The following information will be added to future editions of Managing MC/ServiceGuard :

The MC/ServiceGuard cmviewcl command normally requires root access to the system. However, you can easily modify the /etc/cmcluster/cmclnodelist file to allow non-root users to run the cmviewcl command.

If you want a specific non-root user to run the cmviewcl command, then add a hostname-username pair in the /etc/cmcluster/cmclnodelist file. If you want to allow every user to run the cmviewcl command, then add "+" to the end of the /etc/cmcluster/cmclnodelist file. As an example, the following entries for a two-node cluster allow user1 and user2 to run cmviewcl on system1 and allow user3 to run cmviewcl on system2:

system1 root
system1 user1
system1 user2
system2 root
system2 user3



As of MC/SG 11.16

# Access Control Policy Parameters.
#
# Three entries set the access control policy for the cluster:
# First line must be USER_NAME, second USER_HOST, and third USER_ROLE.
# Enter a value after each.
#
# 1. USER_NAME can either be ANY_USER, or a maximum of
# 8 login names from the /etc/passwd file on user host.
# 2. USER_HOST is where the user can issue Serviceguard commands.
# If using Serviceguard Manager, it is the COM server.
# Choose one of these three values: ANY_SERVICEGUARD_NODE, or
# (any) CLUSTER_MEMBER_NODE, or a specific node. For node,
# use the official hostname from domain name server, and not
# an IP addresses or fully qualified name.
# 3. USER_ROLE must be one of these three values:
# * MONITOR: read-only capabilities for the cluster and packages
# * PACKAGE_ADMIN: MONITOR, plus administrative commands for packages
# in the cluster
# * FULL_ADMIN: MONITOR and PACKAGE_ADMIN plus the administrative
# commands for the cluster.
#
# Access control policy does not set a role for configuration
# capability. To configure, a user must log on to one of the
# cluster's nodes as root (UID=0). Access control
# policy cannot limit root users' access.
#
# MONITOR and FULL_ADMIN can only be set in the cluster configuration file,
# and they apply to the entire cluster. PACKAGE_ADMIN can be set in the
# cluster or a package configuration file. If set in the cluster
# configuration file, PACKAGE_ADMIN applies to all configured packages.
# If set in a package configuration file, PACKAGE_ADMIN applies to that
# package only.
#
# Conflicting or redundant policies will cause an error while applying
# the configuration, and stop the process. The maximum number of access
# policies that can be configured in the cluster is 200.
#
#
# Example: to configure a role for user john from node noir to
# administer a cluster and all its packages, enter:
# USER_NAME john
# USER_HOST noir
# USER_ROLE FULL_ADMIN

USER_NAME root
USER_HOST ANY_SERVICEGUARD_NODE
USER_ROLE full_admin

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.