This post is more than 5 years old
1 Rookie
•
17 Posts
0
4207
September 4th, 2015 00:00
grant another user to the same root privileges
hi all,
i need to create another user on Isilon and customer wants it to have the same exact privileges like root user.
we created another user and another role and assigned all privileges to this role
we used isi_auth commands to add all the privileges available however, two commands can never be executed with this user:
- isi config
- isi domain
so any idea how to gain access to those two commands through a different user . or in general give root privileges to another user
No Events found!
sluetze
2 Intern
•
300 Posts
0
September 4th, 2015 01:00
Hi,
you won't be able to get a user the same "rights" as root - at least not on filepermission base. root ignores filerights completely. They don't exist for root.
The only way to achieve this is to give the user the same UID as root ("0"). But i would not recommend this.
to give the user the possibility to execute the mentioned commands you could modify the sudoers file by using isi_visudo and inserting a line like %newuser ALL=(ALL) NOPASSWD:ALL
this will allow the user to execute ANY command as root by using sudo.
(in my opinion) this is insecure and you should specify the commands more restrictive like
%newuser ALL=(ALL) NOPASSWD:/usr/bin/isi
to only allow the execution of isi-commands as root.
for more Information search for "RBAC Isilon" on EMC-Support
Regards
--Steffen
AmrElSaher
1 Rookie
•
17 Posts
0
September 4th, 2015 04:00
sluetze
that worked just fine, however the commands:
- isi config
- isi domain
needs always to type "sudo" before the command. is there any way we can use them without the "Sudo" part?
sluetze
2 Intern
•
300 Posts
0
September 7th, 2015 03:00
Hi,
docu54200 (OneFS 7.1.1 Securit Configuration Guide) says isi config and isi Domain are not RBAC integrated. So no Chance besides using sudo or the root-account.
Regards
-- Steffen