Nope that one doesn’t work … I found it in the docs: https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1adm_mmchconfig.htm “Specifies a non-root admin user ID to be used when sudo wrappers are enabled and a root-level background process calls an administration command directly instead of through sudo.”
So it reads like it still wants to be “me” unless it’s a background process. Simon From: <[email protected]> on behalf of "[email protected]" <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Thursday, 11 October 2018 at 04:14 To: "[email protected]" <[email protected]> Subject: Re: [gpfsug-discuss] Sudo wrappers Yes, you can use mmchconfig for that. eg: mmchconfig sudoUser=gpfsadmin Thanks, Tru. Message: 2 Date: Wed, 10 Oct 2018 15:58:51 +0000 From: Simon Thompson <[email protected]> To: "[email protected]" <[email protected]> Subject: [gpfsug-discuss] Sudo wrappers Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" OK, so I finally got a few minutes to play with the sudo wrappers. I read the docs on the GPFS website, setup my gpfsadmin user and made it so that root can ssh as the gpfsadmin user to the host. Except of course I?ve clearly misunderstood things, because when I do: [myusername@bber-dssg02 bin]$ sudo /usr/lpp/mmfs/bin/mmgetstate -a [email protected]'s password: [email protected]'s password: [email protected]'s password: [email protected]'s password: Now ?myusername? is ? my username, not ?gpfsadmin?. What I really don?t want to do is permit root to ssh to all the hosts in the cluster as ?myusername?. I kinda thought the username it sshes as would be configurable, but apparently not? Annoyingly, I can do: [myusername@bber-dssg02 bin]$ sudo SUDO_USER=gpfsadmin /usr/lpp/mmfs/bin/mmgetstate -a And that works fine? So is it possibly to set in a config file the user that the sudo wrapper works as? (I get there are cases where you want to ssh as the original calling user) Simon -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20181010/6317be26/attachment-0001.html>
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
