I am working with a customer who's security requirements do not allow root logins between systems, even with the use of ssh keys. Does GPFS provide the ability to define an ordinary user the ability to issue administrative commands? The site does allow password-less logins by non-root users between systems.
This topic has been locked.
3 replies Latest Post - 2013-03-07T23:09:59Z by SystemAdmin
Pinned topic Administrative commands without root
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-03-07T23:09:59Z at 2013-03-07T23:09:59Z by SystemAdmin
dlmcnabb 120000P4JT1012 Posts
Re: Administrative commands without root2013-02-27T07:48:06Z in response to dlmcnabbGPFS allows to configure/customize the commands used to remotely login.
You can use this ability to define your own custom ssh/scp scripts. Your custom scripts could use another user to ssh and use sudo remotely to execute the command as root. For GPFS this is transparent, the command is executed remotely and ssh is using a non-root user to login passwordless remotely.
While this would fulfill the customer requirements on paper, there other user effectively becomes equivalent to root, so there is no real security advantage.
Re: Administrative commands without root2013-03-07T23:09:59Z in response to SystemAdminThanks. I was able to make that work. One more question, I was expecting that I would need to do something special with the remote copy command to fix the permissions since the file is being copied as a non-root user, although it seems to be working fine transferring the file using a non-root user. It appears that the file gets transferred to the remote system into the /tmp directory and then the remote system copies the file. Can I assume that this will continue to work in all cases and not run into permission problems?