Solved

let a user to run seastat on vioserver..

Posted on 2013-07-02
2
585 Views
Last Modified: 2013-07-02
ok, I have created a user named 'monitor'

root@viosctg1_1 # lsuser monitor
monitor id=203 pgrp=system groups=system,lparmgr home=/home/monitor shell=/usr/bin/ksh login=true su=false rlogin=true daemon=true admin=true sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= core_path=on core_pathname=/home/ios/logs default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 time_last_login=1372787566 tty_last_login=/dev/pts/1 host_last_login=192.168.123.110 unsuccessful_login_count=0 roles=

I have installed SUDO and let 'monitor' to run any command as root without a password:

$ pwd
/home/monitor
$ sudo -l
User monitor may run the following commands on this host:
    (ALL) NOPASSWD: ALL

So, I have created a script which uses 'seasat' command to get stats from vlans on the vioserver, but it does not run:

$ sudo /usr/sbin/seastat -d ent7
$ echo $?
1

$ truss sudo /usr/sbin/seastat -d ent7
The state is 0
truss: 0915-015 Cannot create subject process.
wait4all: i: 0, status: 589833, pid: 6225968, created: 0

But as root or padmin the command runs successfully.  

Question is, how to run seastat as a user different as root or padmin?
0
Comment
Question by:sminfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39292916
Hi,

no need for such a lot of stuff.

As padmin:

mkuser -attr roles=ViewOnly default_roles=ViewOnly monitor
monitor's New password:
...
Enter the new password again:
...

(Without specifying the roles the new user automatically becomes "Admin"!)

su - monitor
monitor's Password:
...
[compat]: 3004-610 You are required to change your password.
        Please choose a new one.
monitor's New password:
...
Enter the new password again:
...
The following file has been updated: .profile
Changes will take affect at next login.

seastat -d ent7
...
...

Or, if you like it better, as root:

mkuser monitor
passwd monitor
...
...
pwdadm -c monitor
chuser roles=ViewOnly default_roles=ViewOnly monitor
su - monitor
/usr/ios/cli/ioscli seastat -d ent7

You can also add (as root) to ~monitor/.profile

alias seastat="/usr/ios/cli/ioscli seastat"
and run
su - monitor
seastat -d ent7

In the first case the user gets a rksh, a PATH to the ios tools and aliases prefixing commands with the call to ioscli.

In the second case the user gets a ksh, a standard PATH but no aliases, so you must specify the call to ioscli explicitly or set aliases by yourself.

Have fun!

wmp
0
 

Author Closing Comment

by:sminfo
ID: 39292971
very nice!! the trick was on RBAC roles at vioserver..;)

Thanks Wmp!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question