I am working with a customer who's security requirements do not allow root logins between systems, even with the use of ssh keys. Does GPFS provide the ability to define an ordinary user the ability to issue administrative commands? The site does allow password-less logins by non-root users between systems.
Pinned topic Administrative commands without root
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-03-07T23:09:59Z at 2013-03-07T23:09:59Z by SystemAdmin
Re: Administrative commands without root2013-02-27T07:48:06ZThis is the accepted answer. This is the accepted answer.
- dlmcnabb 120000P4JT
You can use this ability to define your own custom ssh/scp scripts. Your custom scripts could use another user to ssh and use sudo remotely to execute the command as root. For GPFS this is transparent, the command is executed remotely and ssh is using a non-root user to login passwordless remotely.
While this would fulfill the customer requirements on paper, there other user effectively becomes equivalent to root, so there is no real security advantage.
Re: Administrative commands without root2013-03-07T23:09:59ZThis is the accepted answer. This is the accepted answer.Thanks. I was able to make that work. One more question, I was expecting that I would need to do something special with the remote copy command to fix the permissions since the file is being copied as a non-root user, although it seems to be working fine transferring the file using a non-root user. It appears that the file gets transferred to the remote system into the /tmp directory and then the remote system copies the file. Can I assume that this will continue to work in all cases and not run into permission problems?