NIM operations as non-root user?

[FrankieAIX]

Is it possible to perform various NIM functions such as bosinst, resource reset, machine reset, allocate, deallotcate etc.....???

I have created users on a NIM server that belong to the same groups as ROOT but cannot perform any NIM functions as described.


Any light on this would be appreciated!

Thanks!

-FrankieAIX

 

[khalidaaa]

You must have root authority to run the nim command

http://www.ncsa.uiuc.edu/UserInfo/R...an/info/en_US/a_doc_lib/cmds/aixcmds4/nim.htm

regards,
khalid

 

[masrolyat]

ok, you want to give someone who you cannot TRUST with root on the NIM server the ability to install AIX on other servers, mess with the ODM on the NIM server and add and remove filesystems to the /etc/exports (that is what allocate and deallocate does)?

NIM requires root access but you could limit the users access to root with sudo
Here is the site to download AIX version of sudo

http://aixpdslib.seas.ucla.edu/packages/sudo.html

here is the home page to sudo

http://www.gratisoft.us/sudo/

or by creating a ksh scripted menu
here is a simple example that is easily customizable
IF you know the NIM command

https://www-903.ibm.com/kr/techinfo/pseries/download/aix163.doc

Both of these choices have the disadvantage that you will have to decide comands and/or exact command syntax for the NIM user.

Another method is misdirection: create a user called nim then edit /etc/passwd change the users UID to 0 the same as root and then change the initial program from /bin/ksh to /usr/bin/smit nim then when this user logs in they will have root access to the nim menus in smit. Yes, they will still be able to exit to a shell (unlike in the operator menu) but occasionally they might haveto IF they have AIX support on. Maybe this is not misdirection perhaps its emphasis that they are using root ONLY for NIM purposes.

Tell you the truth after supporting NIM at IBM's AIX supportline for 2 years, if you can not trust them with root do not trust them with NIM