DX Unified Infrastructure Management

  • 1.  Problem using a "sudoer" on AIM for Solaris

    Posted Oct 28, 2014 04:03 PM

    Hi group!

     

    I'm trying to configure the AIM for Solaris Zones to populate data from a Solaris Global Zone.

     

    When I use the user ROOT, the SystemEDGE AIM gets information with success.

     

    But when I try to use a "sudoer" user, I can't.

     

    The bookshelf recommends using the following syntax:

    cassh://ZoneHost:sshPort?authMethod=[Password|PublicKey]&username=nonRootUser[&sudo][&sshPublicKeyFile=publicKeyFileName][&sshPrivateKeyFile=privateKeyFileName]

     

    For example, I tried to use this syntax in the user field:

    cassh://GLOBALZONE:22?authMethod=Password&username=CAUSER&sudo

     

    If I use only CAUSER, the VAIM accepts this user during authentication but can't do the pool because I have to inform it that this is a "sudoer".

     

    What is wrong in my user syntax?



  • 2.  Re: Problem using a "sudoer" on AIM for Solaris
    Best Answer

    Broadcom Employee
    Posted Oct 29, 2014 06:53 AM

    Hi

     

    The syntax looks OK to me; please check the following:

     

    The sudo parameter will raise the shell's security level. It works best if this user was added to the sudoers file with NOPASSWD, so the shell channel doesn't need to provide a password when running sudo.

    If a password is prompted during sudo, it will use the password in either the password field or, as an additional parameter of the username URI field, &password=<ZoneUserPassword>

    The prompt for this user should be a #, for both the login user, and the user after sudo is performed.

    The default Shell for the sudo parameter is /bin/bash.

    You may use another optional shell by specifying the following option to the sudo parameter.

    &sudo=<shell>

    Valid shells are

    /bin/bash

    /bin/sh

    /bin/ksh

     

    regards dirk
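
    Added example, not part of the original thread and not CA/Broadcom code: a small Python check for a cassh:// user-field value against the syntax quoted in the question and the sudo options listed in the reply above. The function name `check_cassh_uri` and the finding messages are hypothetical, and exact-case matching of authMethod is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl

VALID_SHELLS = {"/bin/bash", "/bin/sh", "/bin/ksh"}  # shells listed in the reply
AUTH_METHODS = {"Password", "PublicKey"}             # from the documented syntax
DEFAULT_SHELL = "/bin/bash"                          # default per the reply


def check_cassh_uri(uri):
    """Return (settings, findings) for a cassh:// value (hypothetical helper)."""
    parts = urlsplit(uri)
    if parts.scheme != "cassh":
        return {}, ["not a cassh:// URI"]
    # keep_blank_values=True matters: a bare "&sudo" has no "=value" and
    # would otherwise be dropped, making the URI look like a non-sudo login.
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    findings = []
    try:
        port = parts.port
    except ValueError:
        port = None
        findings.append("sshPort is not a valid port number")
    settings = {
        "host": parts.hostname,  # note: urlsplit lower-cases the host name
        "port": port,
        "username": params.get("username"),
        "authMethod": params.get("authMethod"),
        "sudo": "sudo" in params,
    }
    if not settings["host"]:
        findings.append("missing ZoneHost")
    if not settings["username"]:
        findings.append("missing username")
    # Assumption: authMethod values are matched exactly as the syntax spells them.
    if settings["authMethod"] not in AUTH_METHODS:
        findings.append("authMethod must be Password or PublicKey")
    if settings["sudo"]:
        settings["shell"] = params["sudo"] or DEFAULT_SHELL
        if settings["shell"] not in VALID_SHELLS:
            findings.append("unsupported sudo shell: " + settings["shell"])
    if "password" in params:
        findings.append("password is embedded in the URI; review where this value is stored")
    return settings, findings


if __name__ == "__main__":
    # First URI is the one from the question; the second is constructed.
    for uri in ("cassh://GLOBALZONE:22?authMethod=Password&username=CAUSER&sudo",
                "cassh://GLOBALZONE:22?authMethod=Password&username=CAUSER&sudo=/bin/csh"):
        print(uri, "->", check_cassh_uri(uri))
```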



  • 3.  Re: Problem using a "sudoer" on AIM for Solaris

    Posted Nov 04, 2014 03:06 PM

    Hi Dirk,

     

    But I needed to grant permission to run the /usr/sbin/pooladm command.

    After that I could add the global using only the username in the user field.


    Thank you again.