<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Helvetica Neue";
panose-1:2 0 5 3 0 0 0 2 0 4;}
@font-face
{font-family:Menlo;
panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.keyword
{mso-style-name:keyword;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Nope that one doesn’t work …<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I found it in the docs:<o:p></o:p></p>
<p class="MsoNormal">https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1adm_mmchconfig.htm<o:p></o:p></p>
<p class="MsoNormal">“<span style="font-size:12.0pt;font-family:"Helvetica Neue";color:#323232;background:white">Specifies a non-root admin user ID to be used when sudo wrappers are enabled and a root-level background process calls an administration command
directly instead of through </span><b><span style="font-size:12.0pt;font-family:Menlo;color:#323232;border:none windowtext 1.0pt;padding:0cm;background:white">sudo</span></b><span style="font-size:12.0pt;font-family:"Helvetica Neue";color:#323232;background:white">.</span>”<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So it reads like it still wants to be “me” unless it’s a background process.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Simon<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black"><gpfsug-discuss-bounces@spectrumscale.org> on behalf of "truongv@us.ibm.com" <truongv@us.ibm.com><br>
<b>Reply-To: </b>"gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org><br>
<b>Date: </b>Thursday, 11 October 2018 at 04:14<br>
<b>To: </b>"gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org><br>
<b>Subject: </b>Re: [gpfsug-discuss] Sudo wrappers<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p><span style="font-size:10.0pt">Yes, you can use mmchconfig for that.</span><br>
<br>
<span style="font-size:10.0pt">eg: mmchconfig sudoUser=gpfsadmin</span><br>
<br>
<span style="font-size:10.0pt">Thanks,</span><br>
<span style="font-size:10.0pt">Tru.</span><br>
<br>
<br>
<tt><span style="font-size:10.0pt">Message: 2</span></tt><span style="font-size:10.0pt;font-family:"Courier New""><br>
<tt>Date: Wed, 10 Oct 2018 15:58:51 +0000</tt><br>
<tt>From: Simon Thompson <S.J.Thompson@bham.ac.uk></tt><br>
<tt>To: "gpfsug-discuss@spectrumscale.org"</tt><br>
<tt><gpfsug-discuss@spectrumscale.org></tt><br>
<tt>Subject: [gpfsug-discuss] Sudo wrappers</tt><br>
<tt>Message-ID: <88E47B96-DF0B-428A-92F6-1AEAEA4AA8EE@bham.ac.uk></tt><br>
<tt>Content-Type: text/plain; charset="utf-8"</tt><br>
<br>
<tt>OK, so I finally got a few minutes to play with the sudo wrappers.</tt><br>
<br>
<tt>I read the docs on the GPFS website, setup my gpfsadmin user and made it so that root can ssh as the gpfsadmin user to the host.</tt><br>
<br>
<tt>Except of course I?ve clearly misunderstood things, because when I do:</tt><br>
<br>
<tt>[myusername@bber-dssg02 bin]$ sudo /usr/lpp/mmfs/bin/mmgetstate -a</tt><br>
<tt>myusername@bber-afmgw01.bb2.cluster's password: myusername@bber-dssg02.bb2.cluster's password: myusername@bber-dssg01.bb2.cluster's password: myusername@bber-afmgw02.bb2.cluster's password:</tt><br>
<br>
<tt>Now ?myusername? is ? my username, not ?gpfsadmin?. What I really don?t want to do is permit root to ssh to all the hosts in the cluster as ?myusername?. I kinda thought the username it sshes as would be configurable, but apparently not?</tt><br>
<br>
<tt>Annoyingly, I can do:</tt><br>
<tt>[myusername@bber-dssg02 bin]$ sudo SUDO_USER=gpfsadmin /usr/lpp/mmfs/bin/mmgetstate -a</tt><br>
<br>
<tt>And that works fine? So is it possibly to set in a config file the user that the sudo wrapper works as?</tt><br>
<br>
<tt>(I get there are cases where you want to ssh as the original calling user)</tt><br>
<br>
<tt>Simon</tt><br>
<tt>-------------- next part --------------</tt><br>
<tt>An HTML attachment was scrubbed...</tt><br>
<tt>URL: <<a href="http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20181010/6317be26/attachment-0001.html">http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20181010/6317be26/attachment-0001.html</a>></tt></span><o:p></o:p></p>
</div>
</body>
</html>