Digging up an old thread, I'm confused because this bug: http://sourceforge.net/p/xcat/bugs/2908/ seems to indicate that it's been fixed as of v 2.7.4, yet I'm running 2.7.6 and observing the same issue as Matthias describes, below.
I'm trying to let users log into the web gui, but limit their commands to a list like this example, in the policy table: "6.1","lneild",,"authcheck,tabdump,tabedit,lsdef,nodels,chtab",,,,"allow",, When I just have authcheck only, I can log in but not see any nodes. Adding more commands after authcheck, I can't log in at all. -- Lanae Neild [email protected] Systems Programmer I, CCIT, Clemson University 340 Computer Court, Anderson SC, USA 29625 864-505-4293 On Tue, May 29, 2012 at 11:35 AM, Thang Pham <[email protected]> wrote: > The xCAT UI uses many commands, e.g. tabdump, lsdef, nodels, and more. > There is a bug in xcatd where support for multiple commands in the policy > table is not supported. I will opened a bug for this. I usually do not > limit the user in the policy table, but instead deny them access to the > main xCAT UI page and force them to go into the xCAT self-service portal. > The manual way to set the node owner is to run: > > chtab node=mynode nodetype.comments="owner:myuser" > > Once you add this, the nodes should appear into the self-service portal's > nodes table. The self-service portal is really limited for non-zVM > platforms, since I did not add them in yet. But you should be able to run > rpower against nodes. > > > Regards, > ------------------------------------- > *Thang Pham* > IBM Poughkeepsie > Phone: (845) 433-7567* * > e-mail: [email protected] > > > [image: Inactive hide details for Matthias.Merk---05/29/2012 10:59:06 > AM---Hi, When adding "authcheck" to the list of commands, the > use]Matthias.Merk---05/29/2012 > 10:59:06 AM---Hi, When adding "authcheck" to the list of commands, the user > doesn't see any > > From: [email protected] > To: xCAT Users Mailing list <[email protected]>, > Date: 05/29/2012 10:59 AM > > Subject: Re: [xcat-user] adding user to web-ui > ------------------------------ > > > > Hi, > > When adding "authcheck" to the list of commands, the user doesn't see any > nodes in the webui. > Removing "authcheck" the user is able to see all nodes and do everything > ie. like root. > Appending another command to authcheck ie. "authcheck,tabdump" denies > login for the user. > > Now i'm more confused than before :) > > The service portal just states that the users doesn't own any nodes, no > matter which user. > > -- > Mit freundlichen Grüßen / Best Regards > > Matthias Merk > > Thang Pham <[email protected]> schrieb am 24.05.2012 22:32:17: > > > Von: Thang Pham <[email protected]> > > An: xCAT Users Mailing list <[email protected]> > > Kopie: xCAT Users Mailing list <[email protected]> > > Datum: 24.05.2012 22:33 > > Betreff: Re: [xcat-user] adding user to web-ui > > > > You need to add "authcheck" to the list of commands. This is used > > to authenticate the user with xCAT. For example, in the policy > > table, you need to have an entry similar to: > > "6.10","thang",,"authcheck",,,,"allow","privilege:root;", > > > > There is current work on a self service page. It is currently only > > fully supported on z/VM. Other platforms and hypervisors are not > > yet fully supported. To get to that page, point your browser to: > > localhost/xcat/service.php. The latest snap build of the xCAT-UI > > package has the self-service page (https://sourceforge.net/projects/ > > xcat/files/yum/devel/core-snap/). > > > > Regards, > > Thang > > > > -----Lissa Valletta/Poughkeepsie/IBM@IBMUS wrote: ----- > > To: xCAT Users Mailing list <[email protected]> > > From: Lissa Valletta/Poughkeepsie/IBM@IBMUS > > Date: 05/24/2012 02:05PM > > Cc: xCAT Users Mailing list <[email protected]> > > Subject: Re: [xcat-user] adding user to web-ui > > > This works for the CLI , not sure why it affects the web-ui login. > > > > Lissa K. Valletta > > 2-3/T12 > > Poughkeepsie, NY 12601 > > (tie 293) 433-3102 > > > > > > > > [Bild entfernt] Matthias.Merk---05/24/2012 11:46:10 AM---Thanks that > > worked well. As soon as i added a noderange and/or command, > > parameters etc to the > > > > From: [email protected] > > To: xCAT Users Mailing list <[email protected]> > > Date: 05/24/2012 11:46 AM > > Subject: Re: [xcat-user] adding user to web-ui > > > > > > > > Thanks that worked well. > > As soon as i added a noderange and/or command, parameters etc to the > > policy table for that user - login was denied. > > So i guess a i can't limit the users permissions within the web-ui to > > certain hosts or commands? > > > > -- > > Mit freundlichen Grüßen / Best Regards > > > > Matthias Merk > > > > Thang Pham <[email protected]> schrieb am 23.05.2012 15:41:35: > > > > > Von: Thang Pham <[email protected]> > > > An: xCAT Users Mailing list <[email protected]> > > > Kopie: xCAT Users Mailing list <[email protected]> > > > Datum: 23.05.2012 15:42 > > > Betreff: Re: [xcat-user] adding user to web-ui > > > > > > The manual way to add a user is to: > > > 1. chtab username=myuser passwd.key=xcat passwd.password=mypassword > > > 2. chtab name=myuser policy.priority=6.10 policy.rule=allow > > > policy.comments="privilege:root;" > > > > > > This will allow users to access the main xCAT page, e.g. localhost/ > > > xcat. Note that the priority of each user must be unique. For > > > example, if the priority of the user above is 6.10, the next user > > > must have a priority of 6.11, ... > > > > > > Regards, > > > ------------------------------------- > > > Thang Pham > > > IBM Poughkeepsie > > > Phone: (845) 433-7567 > > > e-mail: [email protected] > > > > > > > > > [Bild entfernt] Lissa Valletta---05/23/2012 08:29:47 AM---I thought > > > they would login with the XCAT password. Once you add them as xCAT > > > users they run the xCA > > > > > > From: Lissa Valletta/Poughkeepsie/IBM@IBMUS > > > To: xCAT Users Mailing list <[email protected]>, > > > Cc: xCAT Users Mailing list <[email protected]> > > > Date: 05/23/2012 08:29 AM > > > Subject: Re: [xcat-user] adding user to web-ui > > > > > > > > > > > > I thought they would login with the XCAT password. Once you add > > > them as xCAT users they run the xCAT commands as root. I guess we > > > need the web-ui person to address this. > > > > > > Lissa K. Valletta > > > 2-3/T12 > > > Poughkeepsie, NY 12601 > > > (tie 293) 433-3102 > > > > > > > > > > > > [Bild entfernt] Matthias.Merk---05/23/2012 07:53:54 AM---some users > > > are already defined and able to use the xcat cli commands but i > > > couldn't figure with whi > > > > > > From: [email protected] > > > To: xCAT Users Mailing list <[email protected]> > > > Date: 05/23/2012 07:53 AM > > > Subject: Re: [xcat-user] adding user to web-ui > > > > > > > > > > > > some users are already defined and able to use the xcat cli commands > but > > i > > > couldn't figure with which password they should be able to login to > the > > > web-ui or how to set it. > > > i tried adding an entry to the passwd table and the password for the > > > account on the MN itself. > > > > > > -- > > > Mit freundlichen Grüßen / Best Regards > > > > > > Matthias Merk > > > > > > Lissa Valletta <[email protected]> schrieb am 23.05.2012 13:39:08: > > > > > > > Von: Lissa Valletta <[email protected]> > > > > An: xCAT Users Mailing list <[email protected]> > > > > Kopie: [email protected] > > > > Datum: 23.05.2012 13:40 > > > > Betreff: Re: [xcat-user] adding user to web-ui > > > > > > > > I first admit I have not used the xCAT-UI much but could it be the > > > > same process as adding any non-root user to xCAT. > > > > > > > > https://sourceforge.net/apps/mediawiki/xcat/index.php? > > > > title=Granting_Users_xCAT_privileges > > > > > > > > Lissa K. Valletta > > > > 2-3/T12 > > > > Poughkeepsie, NY 12601 > > > > (tie 293) 433-3102 > > > > > > > > > > > > > > > > [Bild entfernt] Matthias.Merk---05/23/2012 07:34:34 AM---Hi, I would > > > > like to let some users power up/down specific images via the > > > > > > > > From: [email protected] > > > > To: [email protected] > > > > Date: 05/23/2012 07:34 AM > > > > Subject: [xcat-user] adding user to web-ui > > > > > > > > > > > > > > > > Hi, > > > > > > > > I would like to let some users power up/down specific images via the > > > > > web-ui and was wondering if it's possible to add users to the web-ui > > > > (i'm > > > > only aware of the xcat entry in the passwd table) and if the added > > users > > > > > > > get their permission from the policy table? > > > > > > > > Thanks > > > > > > > > -- > > > > Mit freundlichen Grüßen / Best Regards > > > > > > > > Matthias Merk > > > > ---------------- > > > > Disclaimer: > > > > Diese Nachricht dient ausschließlich zu Informationszwecken und ist > > nur > > > > für den Gebrauch des angesprochenen Adressaten bestimmt. > > > > > > > > This message is only for informational purposes and is intended > solely > > > > > for > > > > the use of the addressee. > > > > ---------------- > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > Live Security Virtual Conference > > > > Exclusive live event will cover all the ways today's security and > > > > threat landscape has changed and how IT managers can respond. > > > Discussions > > > > will include endpoint security, mobile security and the latest in > > > malware > > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > > > > xCAT-user mailing list > > > > [email protected] > > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > Live Security Virtual Conference > > > > Exclusive live event will cover all the ways today's security and > > > > threat landscape has changed and how IT managers can respond. > > > Discussions > > > > will include endpoint security, mobile security and the latest in > > > malware > > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > > > > xCAT-user mailing list > > > > [email protected] > > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > ---------------- > > > Disclaimer: > > > Diese Nachricht dient ausschließlich zu Informationszwecken und ist > nur > > > für den Gebrauch des angesprochenen Adressaten bestimmt. > > > > > > This message is only for informational purposes and is intended solely > > > for > > > the use of the addressee. > > > ---------------- > > > > > > > > > > ------------------------------------------------------------------------------ > > > Live Security Virtual Conference > > > Exclusive live event will cover all the ways today's security and > > > threat landscape has changed and how IT managers can respond. > > Discussions > > > will include endpoint security, mobile security and the latest in > > malware > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > > > xCAT-user mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > > > > > ------------------------------------------------------------------------------ > > > Live Security Virtual Conference > > > Exclusive live event will cover all the ways today's security and > > > threat landscape has changed and how IT managers can respond. > > Discussions > > > will include endpoint security, mobile security and the latest in > > malware > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > > > xCAT-user mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > > ------------------------------------------------------------------------------ > > > Live Security Virtual Conference > > > Exclusive live event will cover all the ways today's security and > > > threat landscape has changed and how IT managers can respond. > > Discussions > > > will include endpoint security, mobile security and the latest in > > malware > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > > > xCAT-user mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > ---------------- > > Disclaimer: > > Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur > > für den Gebrauch des angesprochenen Adressaten bestimmt. > > > > This message is only for informational purposes and is intended solely > for > > the use of the addressee. > > ---------------- > > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. > Discussions > > will include endpoint security, mobile security and the latest in > malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > xCAT-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. > Discussions > > will include endpoint security, mobile security and the latest in > malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > xCAT-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. > Discussions > > will include endpoint security, mobile security and the latest in > malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > xCAT-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > ---------------- > Disclaimer: > Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur > für den Gebrauch des angesprochenen Adressaten bestimmt. > > This message is only for informational purposes and is intended solely for > the use of the addressee. > ---------------- > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > >
<<graycol.gif>>
------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
