HPE Community
Operating System - HP-UX
1837979 Members
2846 Online
110124 Solutions
New Discussion

cmviewcl Permission

 
santosh jha
Frequent Advisor

‎01-13-2004 09:01 PM

‎01-13-2004 09:01 PM

cmviewcl Permission

Can anybody tell me how do i assign cmviewcl executing permission to a normal user.

Regards
Santosh
0 Kudos
Reply
12 REPLIES 12
Duncan Edmonstone
HPE Pro

‎01-13-2004 09:05 PM

‎01-13-2004 09:05 PM

Re: cmviewcl Permission

Santosh,

Add the user to the file

/etc/cmcluster/cmclnodelist

(If the file doesn't exist, you will need to create it on all nodes and make sure it has entries for root on all cluster nodes too)

The format of this file is the same as a .rhosts file.

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Reply
santosh jha
Frequent Advisor

‎01-13-2004 09:22 PM

‎01-13-2004 09:22 PM

Re: cmviewcl Permission

Thanks for the instant reply.In one of the system the cmclnodelist file doesnot exsist but even then one user is able to do that.He is not even in the bin group he is in users group only.
Regards
Santosh
0 Kudos
Reply
Jdamian
Respected Contributor

‎01-13-2004 09:34 PM

‎01-13-2004 09:34 PM

Re: cmviewcl Permission

Check the permissions of /usr/sbin/cmviewcl file in both servers.
0 Kudos
Reply
Jakes Louw
Trusted Contributor

‎01-13-2004 11:53 PM

‎01-13-2004 11:53 PM

Re: cmviewcl Permission

Simply changing the permissions to /usr/sbin/cmviewcl for o+x will not help.

I just tested it from a "normal" user, and got a permissions failure. Now this could be the cmclnodelist file, or else cmcld simply doesn't allow a non privileged user to query cluster info.
Trying is the first step to failure - Homer Simpson
0 Kudos
Reply
melvyn burnard
Honored Contributor

‎01-14-2004 12:00 AM

‎01-14-2004 12:00 AM

Re: cmviewcl Permission

The correct and supported way of doing this is for all nodes to have a cmclnodelist file in /etc/cmcluster, and in that file have entries for the users you wish to be able to run cmviewcl.
It is the same syntax as a .rhosts file
If you wish to enable all users to be able to do this, simply add + to the end of the cmclnodelist.
All this is documented on page 176 of the Managing Serviceguard Manual at:
http://docs.hp.com/hpux/pdf/B3936-90073.pdf
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Reply
Paul Torp
Regular Advisor

‎01-14-2004 12:06 AM

‎01-14-2004 12:06 AM

Re: cmviewcl Permission

From your 2nd. post, it seems like you want to remove executing permissions to this user.

In that case, make sure that this user doesn't exist in root's .rhost.
"sendmail is kind of fun..."
0 Kudos
Reply
Jakes Louw
Trusted Contributor

‎01-14-2004 12:22 AM

‎01-14-2004 12:22 AM

Re: cmviewcl Permission

I tested as per Melvyn's posting, and it works.

Firstly, to execute cmviewcl for USERA on a node (SERVER1) in a cluster, there simply has to be an entry in /etc/cmcluster/cmclnodelist ON THAT SERVER:
SERVER1 USERA
You DON'T have to copy this nodelist over to all the nodes if you are only executing on the one server.
Then the execute permissions for cmviewcl must allow "Other" users to call the command:

-r-xr-xr-x

Then it works.
Trying is the first step to failure - Homer Simpson
0 Kudos
Reply
santosh jha
Frequent Advisor

‎01-14-2004 07:13 PM

‎01-14-2004 07:13 PM

Re: cmviewcl Permission

Hpw to do it in HP-UX 11.0 there is no cmclnodelist file in the server but still the user in able to do cmviewcl

Regards
Santosh
0 Kudos
Reply
Jakes Louw
Trusted Contributor

‎01-14-2004 07:14 PM

‎01-14-2004 07:14 PM

Re: cmviewcl Permission

Create the cmclnodelist under /etc/cmcluster.
Trying is the first step to failure - Homer Simpson
0 Kudos
Reply
santosh jha
Frequent Advisor

‎01-14-2004 07:20 PM

‎01-14-2004 07:20 PM

Re: cmviewcl Permission

that user is already able to do cmviewcl
I want to how he is able to do that when cmclnodelist doesnot exsist .

Regards
Santosh
0 Kudos
Reply
Jakes Louw
Trusted Contributor

‎01-14-2004 07:39 PM

‎01-14-2004 07:39 PM

Re: cmviewcl Permission

No idea. I played around with removing the cmclnodelist, as well as modifying root .rhosts, but couldn't reproduce what you are seeing.
Maybe check the permissions on the daemon/agent software under /usr/lbin (cmclconfd, cmcld, cmlogd, cmlvmd, etc).

They should be 544 (-r-xr--r--).
Trying is the first step to failure - Homer Simpson
0 Kudos
Reply
SSP_1
Regular Advisor

‎10-11-2004 06:45 PM

‎10-11-2004 06:45 PM

Re: cmviewcl Permission

Hi Experts,

This is just in continuation with the current thread. If I want to add permission of cmviewcl to a group of 8 users, would it be possible to add a line in the cmclnodelist file.

Please Reply.

Regards
Shripad
Obstacles exist to challenge you to keep going. Not to quit.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.