[gpfsug-discuss] Sudo wrappers

Truong Vu truongv at us.ibm.com
Thu Oct 11 04:14:24 BST 2018


Yes, you can use mmchconfig for that.

eg: mmchconfig sudoUser=gpfsadmin

Thanks,
Tru.


Message: 2
Date: Wed, 10 Oct 2018 15:58:51 +0000
From: Simon Thompson <S.J.Thompson at bham.ac.uk>
To: "gpfsug-discuss at spectrumscale.org"
		 <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] Sudo wrappers
Message-ID: <88E47B96-DF0B-428A-92F6-1AEAEA4AA8EE at bham.ac.uk>
Content-Type: text/plain; charset="utf-8"

OK, so I finally got a few minutes to play with the sudo wrappers.

I read the docs on the GPFS website, setup my gpfsadmin user and made it so
that root can ssh as the gpfsadmin user to the host.

Except of course I?ve clearly misunderstood things, because when I do:

[myusername at bber-dssg02 bin]$ sudo /usr/lpp/mmfs/bin/mmgetstate -a
myusername at bber-afmgw01.bb2.cluster's password:
myusername at bber-dssg02.bb2.cluster's password:
myusername at bber-dssg01.bb2.cluster's password:
myusername at bber-afmgw02.bb2.cluster's password:

Now ?myusername? is ? my username, not ?gpfsadmin?. What I really don?t
want to do is permit root to ssh to all the hosts in the cluster
as ?myusername?. I kinda thought the username it sshes as would be
configurable, but apparently not?

Annoyingly, I can do:
[myusername at bber-dssg02 bin]$ sudo
SUDO_USER=gpfsadmin /usr/lpp/mmfs/bin/mmgetstate -a

And that works fine? So is it possibly to set in a config file the user
that the sudo wrapper works as?

(I get there are cases where you want to ssh as the original calling user)

Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20181010/6317be26/attachment-0001.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20181010/606f5433/attachment-0002.htm>


More information about the gpfsug-discuss mailing list