[gpfsug-discuss] Sudo wrappers

Simon Thompson S.J.Thompson at bham.ac.uk
Thu Oct 11 08:54:01 BST 2018


Nope that one doesn’t work …

I found it in the docs:
https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1adm_mmchconfig.htm
“Specifies a non-root admin user ID to be used when sudo wrappers are enabled and a root-level background process calls an administration command directly instead of through sudo.”

So it reads like it still wants to be “me” unless it’s a background process.

Simon

From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of "truongv at us.ibm.com" <truongv at us.ibm.com>
Reply-To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Date: Thursday, 11 October 2018 at 04:14
To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] Sudo wrappers


Yes, you can use mmchconfig for that.

eg: mmchconfig sudoUser=gpfsadmin

Thanks,
Tru.


Message: 2
Date: Wed, 10 Oct 2018 15:58:51 +0000
From: Simon Thompson <S.J.Thompson at bham.ac.uk>
To: "gpfsug-discuss at spectrumscale.org"
<gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] Sudo wrappers
Message-ID: <88E47B96-DF0B-428A-92F6-1AEAEA4AA8EE at bham.ac.uk>
Content-Type: text/plain; charset="utf-8"

OK, so I finally got a few minutes to play with the sudo wrappers.

I read the docs on the GPFS website, setup my gpfsadmin user and made it so that root can ssh as the gpfsadmin user to the host.

Except of course I?ve clearly misunderstood things, because when I do:

[myusername at bber-dssg02 bin]$ sudo /usr/lpp/mmfs/bin/mmgetstate -a
myusername at bber-afmgw01.bb2.cluster's password: myusername at bber-dssg02.bb2.cluster's password: myusername at bber-dssg01.bb2.cluster's password: myusername at bber-afmgw02.bb2.cluster's password:

Now ?myusername? is ? my username, not ?gpfsadmin?. What I really don?t want to do is permit root to ssh to all the hosts in the cluster as ?myusername?. I kinda thought the username it sshes as would be configurable, but apparently not?

Annoyingly, I can do:
[myusername at bber-dssg02 bin]$ sudo SUDO_USER=gpfsadmin /usr/lpp/mmfs/bin/mmgetstate -a

And that works fine? So is it possibly to set in a config file the user that the sudo wrapper works as?

(I get there are cases where you want to ssh as the original calling user)

Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20181010/6317be26/attachment-0001.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20181011/8a049218/attachment-0002.htm>


More information about the gpfsug-discuss mailing list