Operating System - HP-UX
1834704 Members
2489 Online
110069 Solutions
New Discussion

Serv.Guard 11.16 cmviewcl for all (200) users. how to?

 
SOLVED
Go to solution
Henk Geurts
Esteemed Contributor

Serv.Guard 11.16 cmviewcl for all (200) users. how to?

hi Guys.
i want to let every use use the cmviewcl command.
I know that version 11.16 uses Access Control Policy Parameters, but don't want to add 200 users in the ascii file....
don't want to fix it with sudo either...

adding a + sign to cmclnodelist doesn't work in this version...

Can you help ?

7 REPLIES 7
RAC_1
Honored Contributor

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

You have very limited options.
I would suggeset to go with sudo.
There is no substitute to HARDWORK
melvyn burnard
Honored Contributor

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

Create a MONITOR role for everyone in the cluster ascii file.
Take a look at page 278 of the managing Serviceguard manual for 11.16 at:
http://docs.hp.com/en/B3936-90079/B3936-90079.pdf
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Henk Geurts
Esteemed Contributor

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

thanks
but is there a way to apply wild cards in the clusterascii file so all users can monitor?
USER_NAME *
USER_HOST *
USER_ROLE MONITOR

doesn't do the trick.
melvyn burnard
Honored Contributor
Solution

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

Again, read the manual, you will see that allowed entries are:
ANY_USER or up to 8 user names as per the password file ;in this case use ANY_USER

ANY_SERVICEGUARD_NODE
ANY_CLUSTER_NODE
or a specfific node name, in this case use ANY_SERVICEGUARD_NODE



My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Steven E. Protter
Exalted Contributor

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

Henk,

I would suggest a carefully written suid script that runs the command as root, just as passwd lets users update the passwd file which root owns and is the only authorized writer.

This is a security hazard if poorly written.

Also Just because you want to give cmviewcl to all users does not make it a good idea.

Another suggestion:

Have cron run a cmviewcl status report, regularly to /tmp directory and let all users view the output.

My second suggestion has the advantage of not being a security hazard.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stephen Doud
Honored Contributor

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

To permit anyone to use cmviewcl, configure the cluster ASCII file with:

USER_NAME ANY_USER
USER_HOST ANY_SERVICEGUARD_NODE
USER_ROLE MONITOR

cmapplyconf can be done while the cluster is running.
Henk Geurts
Esteemed Contributor

Re: Serv.Guard 11.16 cmviewcl for all (200) users. how to?

thanks to all!