Solved

let a user to run seastat on vioserver..

Posted on 2013-07-02
2
576 Views
Last Modified: 2013-07-02
ok, I have created a user named 'monitor'

root@viosctg1_1 # lsuser monitor
monitor id=203 pgrp=system groups=system,lparmgr home=/home/monitor shell=/usr/bin/ksh login=true su=false rlogin=true daemon=true admin=true sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= core_path=on core_pathname=/home/ios/logs default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 time_last_login=1372787566 tty_last_login=/dev/pts/1 host_last_login=192.168.123.110 unsuccessful_login_count=0 roles=

I have installed SUDO and let 'monitor' to run any command as root without a password:

$ pwd
/home/monitor
$ sudo -l
User monitor may run the following commands on this host:
    (ALL) NOPASSWD: ALL

So, I have created a script which uses 'seasat' command to get stats from vlans on the vioserver, but it does not run:

$ sudo /usr/sbin/seastat -d ent7
$ echo $?
1

$ truss sudo /usr/sbin/seastat -d ent7
The state is 0
truss: 0915-015 Cannot create subject process.
wait4all: i: 0, status: 589833, pid: 6225968, created: 0

But as root or padmin the command runs successfully.  

Question is, how to run seastat as a user different as root or padmin?
0
Comment
Question by:sminfo
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39292916
Hi,

no need for such a lot of stuff.

As padmin:

mkuser -attr roles=ViewOnly default_roles=ViewOnly monitor
monitor's New password:
...
Enter the new password again:
...

(Without specifying the roles the new user automatically becomes "Admin"!)

su - monitor
monitor's Password:
...
[compat]: 3004-610 You are required to change your password.
        Please choose a new one.
monitor's New password:
...
Enter the new password again:
...
The following file has been updated: .profile
Changes will take affect at next login.

seastat -d ent7
...
...

Or, if you like it better, as root:

mkuser monitor
passwd monitor
...
...
pwdadm -c monitor
chuser roles=ViewOnly default_roles=ViewOnly monitor
su - monitor
/usr/ios/cli/ioscli seastat -d ent7

You can also add (as root) to ~monitor/.profile

alias seastat="/usr/ios/cli/ioscli seastat"
and run
su - monitor
seastat -d ent7

In the first case the user gets a rksh, a PATH to the ios tools and aliases prefixing commands with the call to ioscli.

In the second case the user gets a ksh, a standard PATH but no aliases, so you must specify the call to ioscli explicitly or set aliases by yourself.

Have fun!

wmp
0
 

Author Closing Comment

by:sminfo
ID: 39292971
very nice!! the trick was on RBAC roles at vioserver..;)

Thanks Wmp!!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now