- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: managing a cluster by a non-root user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 09:10 PM
05-27-2006 09:10 PM
managing a cluster by a non-root user
I had upgarded the service guard to ver A.11.16; but still getting permission denied when trying to manage the cluster by a non-root user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 09:21 PM
05-27-2006 09:21 PM
Re: managing a cluster by a non-root user
It is quite possible to provide sudo access to any SG commands needed to manage the cluster.
sudo is available here:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111
You have not specified your OS, so I can't be more specific.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 09:23 PM
05-27-2006 09:23 PM
Re: managing a cluster by a non-root user
Use the root account instead.
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 09:25 PM
05-27-2006 09:25 PM
Re: managing a cluster by a non-root user
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 09:36 PM
05-27-2006 09:36 PM
Re: managing a cluster by a non-root user
additional statements in the cluster configuration file and package
configuration files.
Cluster-level admin rights are granted via the cluster configuration file.
Package-level admin rights are granted per package configuration file.
Rights given at cluster-level need not be granted again at the package-level.
The parameters used in these files are:
Cluster Possible settings Meaning
--------- ----------------- --------------------------------
USER_NAME
USER_HOST ANY_SERVICEGUARD_NODE may manage cluster from any node
loaded with Serviceguard
CLUSTER_MEMBER_NODE may manage cluster from a node
in this cluster
this specific node
USER_ROLE MONITOR read-only capabilities for the cluster
and packages
PACKAGE_ADMIN MONITOR, plus administrative commands for
packages in the cluster
FULL_ADMIN MONITOR and PACKAGE_ADMIN plus the
administrative commands for the cluster.
Package Possible settings Meaning
--------- ----------------- --------------------------------
USER_NAME ANY_USER Global authorization
USER_HOST ANY_SERVICEGUARD_NODE may manage package from any node
loaded with Serviceguard
CLUSTER_MEMBER_NODE may manage package from a node
in this cluster
USER_ROLE PACKAGE_ADMIN MONITOR, plus administrative commands
for
packages in the cluster
The A.11.16 cluster configuration file template gives this detail.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 09:54 PM
05-27-2006 09:54 PM
Re: managing a cluster by a non-root user
Is it a policy within the Company that you're not allowed to login as root via sudo?
If yes, you should implement sudo and give the users who need to manage the cluster the appropiate rights via sudoers file.
From a security point of view you don't want normal users to manage a cluster.
Darrel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2006 10:04 PM
05-27-2006 10:04 PM
Re: managing a cluster by a non-root user
Please refer to manual Managing SG - chapter 5
http://docs.hp.com/en/B3936-90079/ch05s01.html#d0e9554
The roles are defined in the cluster config file
The extract of the sample configuration file shows
# Example: to configure a role for user john from node noir to
# administer a cluster and all its packages, enter:
# USER_NAME john
# USER_HOST noir
# USER_ROLE FULL_ADMIN
Also read the section
Preparing your systems to understand all the requirements to have proper access and settings - this can be found at the very beggining of the section pointed by the url given above.
Main things being
1. ip address resolution - /etc/nsswitch.conf - /etc/hosts DNS
2. User validation -
Serviceguard relies on the ident service of the client node to verify the username of the incoming network connection. If the Serviceguard daemon is unable to connect to the client's ident daemon, permission will be denied.
I would recommend to first read that chapter to understand where your problem could be.
Regards,
Ninad
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-28-2006 06:38 PM
05-28-2006 06:38 PM
Re: managing a cluster by a non-root user
ServiceGuard A.11.16.00
- Define policie for users
USER_NAME operator
USER_HOST nodea
USER_ROLE package_admin (or full_admin)
- Install "Serviguar Manager"
SG-Manager A.05.00 Serviceguard Java GUI
its very easy for operator manager Cluster, Nodes and packages with this application.
rgs,
ran