Solved

let a user to run seastat on vioserver..

Posted on 2013-07-02
2
592 Views
Last Modified: 2013-07-02
ok, I have created a user named 'monitor'

root@viosctg1_1 # lsuser monitor
monitor id=203 pgrp=system groups=system,lparmgr home=/home/monitor shell=/usr/bin/ksh login=true su=false rlogin=true daemon=true admin=true sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= core_path=on core_pathname=/home/ios/logs default_roles= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 time_last_login=1372787566 tty_last_login=/dev/pts/1 host_last_login=192.168.123.110 unsuccessful_login_count=0 roles=

I have installed SUDO and let 'monitor' to run any command as root without a password:

$ pwd
/home/monitor
$ sudo -l
User monitor may run the following commands on this host:
    (ALL) NOPASSWD: ALL

So, I have created a script which uses 'seasat' command to get stats from vlans on the vioserver, but it does not run:

$ sudo /usr/sbin/seastat -d ent7
$ echo $?
1

$ truss sudo /usr/sbin/seastat -d ent7
The state is 0
truss: 0915-015 Cannot create subject process.
wait4all: i: 0, status: 589833, pid: 6225968, created: 0

But as root or padmin the command runs successfully.  

Question is, how to run seastat as a user different as root or padmin?
0
Comment
Question by:sminfo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39292916
Hi,

no need for such a lot of stuff.

As padmin:

mkuser -attr roles=ViewOnly default_roles=ViewOnly monitor
monitor's New password:
...
Enter the new password again:
...

(Without specifying the roles the new user automatically becomes "Admin"!)

su - monitor
monitor's Password:
...
[compat]: 3004-610 You are required to change your password.
        Please choose a new one.
monitor's New password:
...
Enter the new password again:
...
The following file has been updated: .profile
Changes will take affect at next login.

seastat -d ent7
...
...

Or, if you like it better, as root:

mkuser monitor
passwd monitor
...
...
pwdadm -c monitor
chuser roles=ViewOnly default_roles=ViewOnly monitor
su - monitor
/usr/ios/cli/ioscli seastat -d ent7

You can also add (as root) to ~monitor/.profile

alias seastat="/usr/ios/cli/ioscli seastat"
and run
su - monitor
seastat -d ent7

In the first case the user gets a rksh, a PATH to the ios tools and aliases prefixing commands with the call to ioscli.

In the second case the user gets a ksh, a standard PATH but no aliases, so you must specify the call to ioscli explicitly or set aliases by yourself.

Have fun!

wmp
0
 

Author Closing Comment

by:sminfo
ID: 39292971
very nice!! the trick was on RBAC roles at vioserver..;)

Thanks Wmp!!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question