AutoSys Workload Automation

Expand all | Collapse all

Change autosys master account to a non-dialog account - Recommendations?

Jump to Best Answer
  • 1.  Change autosys master account to a non-dialog account - Recommendations?

    Posted 03-16-2018 02:14 PM

    I need to pick some brains on this one :-)

    We are currently on Workload Automation AE 11.3.6 SP5 on Solaris (SPARC). We have had Autosys for years and it was originally setup with one master account called "autosys". When one of us (Autosys Administrators) needs to login to the Autosys server for example to do an autorep, etc., we login directly using the username "autosys" and password. We would like to change this account to a non-dialog account so that you can not longer login directly to it. You would first login as yourself and then sudo to the "autosys" user.

     

    I am wondering if anyone else has ever done this with an environment thats not new? 

    Does anything come to mind that would stop this from working?

     

    Thanks!



  • 2.  Re: Change autosys master account to a non-dialog account - Recommendations?
    Best Answer

    Broadcom Employee
    Posted 03-30-2018 05:48 AM

    Hello

    I ran a quick test on Linux and in the home directory of the autosys user, there is a .bashrc file

    At the end of this .bashrc, source the autosys environment like that

     

    . /opt/CA/WorkloadAutomationAE/autouser.ACE/autosys.bash.<your host name>    

     

    ( the beginning is   dot space slash opt )

     

    Then logon as your regular user, run: sudo su autosys

    and you'll be able to execute any autosys commands

     

    Regards

    Jean Paul



  • 3.  Re: Change autosys master account to a non-dialog account - Recommendations?

    Broadcom Employee
    Posted 04-04-2018 01:32 AM

    How do you implement "We would like to change this account to a non-dialog account" ? Do you simply mean that nobody know Solaris autosys account password?



  • 4.  Re: Change autosys master account to a non-dialog account - Recommendations?

    Posted 04-06-2018 11:11 AM

    Correct. We login as ourself then sudo to the autosys account. 

    I am trying trying to think of anything that could break due to this with Autosys. We current use WCC and EEM with Autosys. EEM is installed on Windows so that one is all set. 



  • 5.  Re: Change autosys master account to a non-dialog account - Recommendations?

    Posted 04-09-2018 11:25 AM

    Hi, we have a similar setup on solaris SPARC with several accounts we don't allow users to directly log into:

    In /etc/profile:

    ############### Su only test section #############
    ## Note: if nfs is not available, this test fails and allows logon

     

    if [[ `tty|grep "not a tty"` = "" ]]
    then
        ORIGNSSHLOGIN=`who am i | awk '{print $1":"$6}' | awk -F. '{print $1}' | sed 's/(//g'`
        if ! `echo ${ORIGNSSHLOGIN} | egrep "zone:global" > /dev/null`
        then
            if ! `egrep ^${ORIGNSSHLOGIN} /nfs/unix/scripts/server.su.only.exception.list > /dev/null`
            then
                WHONAME=`/usr/bin/whoami | awk '{ print $1 }'`
                if [[ "`grep $WHONAME /nfs/unix/scripts/server.su.only.list | grep -v "#"`" == "$WHONAME" && `tty| grep console` = "" ]]
                then
                    WHOORIG=`/usr/bin/who am i | awk '{ print $1 }'`
                    if [[ $WHONAME == $WHOORIG ]]
                    then
                        echo "You cannot log in directly from $LOGNAME ";
                        echo "Please logon with your personal ID and use su - $LOGNAME ";
                        exit ;
                    else
                        :
                    fi
                fi
            else
                :
            fi
        fi
    fi

    ############### End of su only account text ######

     

    This selection works fine with the autosys accout as any jobs normally run by autosys from AE are run non-interactively.