September 30th, 2013 14:00

Question on using symauth and if it disables "root" from being able to run SE commands

I'm trying to confirm that using symauth for Symmetrix authorization will block the "root" user from being able to execute Symcli commands.  The customer's requirement:

Everyone has sudo privileges on the Symcli server, including Unix, Backup and Storage Admins. Their purpose is to restrict the box so that only Storage admins can run the commands, not even root users. Can't I just enable user authorization with Symauth on the server and then just add the storage admin users to the Admin roles, etc.? Won't this block the "root" user from being able to execute symcli commands?

Can I put “root” in the symauth table and give it a lesser role (like auditor, monitor, etc..)?

859 Posts

October 1st, 2013 08:00

Yes, you can enable the symauth on Symm and give the restricted access to the root user.

regards,

Saurabh

16 Posts

October 1st, 2013 09:00

So, once symauth is enabled on the Symmetrix, you can set the user "root" to have a "Monitor" role or Auditor role, or even no access to run symcli commands?

For example:

symauth -sid 0123 enable

symauth -sid 0123 -file assign_user.cmd commit

 

Where assign_user.cmd contains:

assign user root to role Monitor;

assign user johnd to role StorageAdmin;

etc....

thanks,

John

859 Posts

October 1st, 2013 10:00

yes.

16 Posts

October 6th, 2013 20:00

I have a follow-up question on this: if root is set for None or a less-than-Admin type role, what about changes that need to update the symapi database? Isn't the file owned by root with limited permissions? Also, I assume scripts run by root where there are symcli commands called out will fail with symauth enabled and root having a limited role?

thanks,

John

859 Posts

October 6th, 2013 23:00

Yes, you are right: scripts configured with the root user will fail once symauth is enabled and root is not given the required access. I think that's what you were looking for in the first place.

In Windows, I have configured the users and symauth is enabled on VMAX. All users have WR access on the symapi directory.
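
The command file discussed in this thread can be checked before the commit step. The script below is an added example, not part of the original posts and not a Solutions Enabler tool. The function name `check_symauth_file` and the policy it enforces (root limited to Monitor, Auditor or None, and at least one other user holding StorageAdmin or Admin) are assumptions for illustration, and only the bare user name `root` is matched, as written in the thread.

```shell
#!/bin/sh
# Added example: lint a symauth command file before it is committed.
# Assumed policy (illustration only): root may hold Monitor, Auditor or None,
# and some non-root user must hold StorageAdmin or Admin.
# Statement form is the one used in the thread:
#   assign user <name> to role <role>;

# check_symauth_file FILE -> prints findings; returns 0 if clean, 1 otherwise
check_symauth_file() {
    awk '
        NF == 0 { next }                       # ignore blank lines
        {
            orig = $0
            # Strip the trailing semicolon; awk re-splits the fields afterwards
            if (!sub(/[ \t]*;[ \t]*$/, "")) {
                printf "line %d: missing semicolon: %s\n", NR, orig
                bad = 1; next
            }
            if (NF != 6 || $1 != "assign" || $2 != "user" ||
                $4 != "to" || $5 != "role") {
                printf "line %d: unrecognized statement: %s\n", NR, orig
                bad = 1; next
            }
            role = tolower($6)
            if ($3 == "root") {
                # root must stay on a restricted role
                if (role != "monitor" && role != "auditor" && role != "none") {
                    printf "line %d: root would get role %s\n", NR, $6
                    bad = 1
                }
            } else if (role == "storageadmin" || role == "admin") {
                admins++                       # a non-root administrator exists
            }
        }
        END {
            if (admins == 0) {
                print "no non-root user holds StorageAdmin or Admin"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the two assignments quoted in the thread
sample=$(mktemp)
printf '%s\n' 'assign user root to role Monitor;' \
              'assign user johnd to role StorageAdmin;' > "$sample"
check_symauth_file "$sample" && echo "policy check passed"
rm -f "$sample"
```

A literal `etc....` line left in the file is reported as a statement without a semicolon, so the check fails before anything is committed.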
