Scott Mackillip wrote:
> My only question now is: once you give me sudo to cleartool, can't I run a
> shell-out from the cleartool and have a shell running as root?
Of course you can: just to a cleartool find -exec something, it will be run as root.
> does that not defeat the whole idea of sudo?
Yes and no, actually, you can configure sudo to accept only some parameters, this way you do not open the full 'cleartool' command
set.
You can also change the ownership or add ACL's on some commands (mount NFS filesystems f.i.) and files (mostly log files).
And finally you can create an account with root priviliges to be used only in emergency by vob administrators using one-time
passwords generated by the sysadmin and written in a sealed enveloppe.
> If this is the case, and there really is a limited number of UNIX commands for
> troubleshooting clearcase as root, what is that limited number of commands?
>
> I apologize if I'm belaboring the point, but I feel that a strong relationship
> between the Sys Admin team and the ClearCase Admin team is necessary for a
> cohesive and cooperative work environment. I don't want to have to run to the
> Sys Admin each time I need to troubelshoot a user's problem, or restart
> clearcase. In short, I don't want to pester the Sys Admins to the point that
> they roll their eyes and inwardly (or outwardly!) groan each time they see me.
Fully agree.
Denis.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This archive was generated by hypermail 2b29 : Sun May 06 2001 - 00:22:42 EDT