grant another user to the same root privileges

Question

hi all, i need to create another user on Isilon and customer wants it to have the same exact privileges like root user. we created another user and another role and assigned all privileges to this role we used isi_auth commands to add all the privileges available however, two commands can never be executed with this user: - isi config - isi domain so any idea how to gain access to those two commands through a different user . or in general give root privileges to another user

sluetze · Accepted Answer

Hi,

you won't be able to get a user the same "rights" as root - at least not on filepermission base. root ignores filerights completely. They don't exist for root.

The only way to achieve this is to give the user the same UID as root ("0"). But i would not recommend this.

to give the user the possibility to execute the mentioned commands you could modify the sudoers file by using isi_visudo and inserting a line like %newuser ALL=(ALL) NOPASSWD:ALL

this will allow the user to execute ANY command as root by using sudo.

(in my opinion) this is insecure and you should specify the commands more restrictive like

%newuser ALL=(ALL) NOPASSWD:/usr/bin/isi

to only allow the execution of isi-commands as root.

for more Information search for "RBAC Isilon" on EMC-Support

Regards

--Steffen

AmrElSaher · Answer

sluetze that worked just fine, however the commands: - isi config - isi domain needs always to type 'sudo' before the command. is there any way we can use them without the 'Sudo' part?

sluetze · Answer

Hi, docu54200 (OneFS 7.1.1 Securit Configuration Guide) says isi config and isi Domain are not RBAC integrated. So no Chance besides using sudo or the root-account. Regards -- Steffen

Isilon

Was this post helpful?