Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

hareg permission

Status
Not open for further replies.

husamzm

IS-IT--Management
Aug 22, 2001
6
AE
Hi all
I have a SUN Cluster Server 7, as a root user I can start or stop the HA services using the
#hareg command

I need to give a prmission to a normal user to that command so he can start and stop the process.
I tried to give full permission to the command 777, but it didn't work, it said that "you don't have a root privilage"

Thanks
 
I you run a "man hareg" - you'll see the following: -

Root privilege is required for options that change the configuration

(-r, -u, and -ynYN).

That's it.
 
So, the best way to give (controlled) user access to this is to install & use sudo ( :-

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. It's features include:

The ability to restrict what commands a user may run on a per-host basis.

Sudo does copious logging of each command, providing a clear audit trail of who did what. When used in tandem with syslogd, the system log daemon, sudo can log all commands to a central host (as well as on the local host). At CU, all admins use sudo in lieu of a root shell to take advantage of this logging.

Sudo uses timestamp files to implement a "ticketing" system. When a user invokes sudo and enters their password, they are granted a ticket for 5 minutes (this timeout is configurable at compile-time). Each subsequent sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.

Sudo's configuration file, the sudoers file, is setup in such a way that the same sudoers file may be used on many machines. This allows for central administration while keeping the flexibility to define a user's privileges on a per-host basis. Please see the samples sudoers file below for a real-world example.
One by one, the penguins steal my sanity. X-)

 
Actually I can't take the risk to install this utility on the production system, but I will test on a test machine.
Anyway, Thanks a lot of your reply, it looks like a usefull utility
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top