The bug fix is in 2.7.6 and I verified that the list of commands is honored when running xCAT on the command line for a defined user. That is you are limited to only those commands. We need input from Thang how to use the GUI interface. Can you test by logging into the Management node as lneild and just try tabdump which should work and then chdef which you should be denied.
Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Lanae Neild <[email protected]> To: xCAT Users Mailing list <[email protected]> Date: 04/30/2013 03:48 PM Subject: Re: [xcat-user] adding user to web-ui Digging up an old thread, I'm confused because this bug: http://sourceforge.net/p/xcat/bugs/2908/ seems to indicate that it's been fixed as of v 2.7.4, yet I'm running 2.7.6 and observing the same issue as Matthias describes, below. I'm trying to let users log into the web gui, but limit their commands to a list like this example, in the policy table: "6.1","lneild",,"authcheck,tabdump,tabedit,lsdef,nodels,chtab",,,,"allow",, When I just have authcheck only, I can log in but not see any nodes. Adding more commands after authcheck, I can't log in at all. -- Lanae Neild [email protected] Systems Programmer I, CCIT, Clemson University 340 Computer Court, Anderson SC, USA 29625 864-505-4293 On Tue, May 29, 2012 at 11:35 AM, Thang Pham <[email protected]> wrote: The xCAT UI uses many commands, e.g. tabdump, lsdef, nodels, and more. There is a bug in xcatd where support for multiple commands in the policy table is not supported. I will opened a bug for this. I usually do not limit the user in the policy table, but instead deny them access to the main xCAT UI page and force them to go into the xCAT self-service portal. The manual way to set the node owner is to run: chtab node=mynode nodetype.comments="owner:myuser" Once you add this, the nodes should appear into the self-service portal's nodes table. The self-service portal is really limited for non-zVM platforms, since I did not add them in yet. But you should be able to run rpower against nodes. Regards, ------------------------------------- Thang Pham IBM Poughkeepsie Phone: (845) 433-7567 e-mail: [email protected] Inactive hide details for Matthias.Merk---05/29/2012 10:59:06 AM---Hi, When adding "authcheck" to the list of commands, the use Matthias.Merk---05/29/2012 10:59:06 AM---Hi, When adding "authcheck" to the list of commands, the user doesn't see any From: [email protected] To: xCAT Users Mailing list <[email protected]>, Date: 05/29/2012 10:59 AM Subject: Re: [xcat-user] adding user to web-ui Hi, When adding "authcheck" to the list of commands, the user doesn't see any nodes in the webui. Removing "authcheck" the user is able to see all nodes and do everything ie. like root. Appending another command to authcheck ie. "authcheck,tabdump" denies login for the user. Now i'm more confused than before :) The service portal just states that the users doesn't own any nodes, no matter which user. -- Mit freundlichen Grüßen / Best Regards Matthias Merk Thang Pham <[email protected]> schrieb am 24.05.2012 22:32:17: > Von: Thang Pham <[email protected]> > An: xCAT Users Mailing list <[email protected]> > Kopie: xCAT Users Mailing list <[email protected]> > Datum: 24.05.2012 22:33 > Betreff: Re: [xcat-user] adding user to web-ui > > You need to add "authcheck" to the list of commands. This is used > to authenticate the user with xCAT. For example, in the policy > table, you need to have an entry similar to: > "6.10","thang",,"authcheck",,,,"allow","privilege:root;", > > There is current work on a self service page. It is currently only > fully supported on z/VM. Other platforms and hypervisors are not > yet fully supported. To get to that page, point your browser to: > localhost/xcat/service.php. The latest snap build of the xCAT-UI > package has the self-service page (https://sourceforge.net/projects/ > xcat/files/yum/devel/core-snap/). > > Regards, > Thang > > -----Lissa Valletta/Poughkeepsie/IBM@IBMUS wrote: ----- > To: xCAT Users Mailing list <[email protected]> > From: Lissa Valletta/Poughkeepsie/IBM@IBMUS > Date: 05/24/2012 02:05PM > Cc: xCAT Users Mailing list <[email protected]> > Subject: Re: [xcat-user] adding user to web-ui > This works for the CLI , not sure why it affects the web-ui login. > > Lissa K. Valletta > 2-3/T12 > Poughkeepsie, NY 12601 > (tie 293) 433-3102 > > > > [Bild entfernt] Matthias.Merk---05/24/2012 11:46:10 AM---Thanks that > worked well. As soon as i added a noderange and/or command, > parameters etc to the > > From: [email protected] > To: xCAT Users Mailing list <[email protected]> > Date: 05/24/2012 11:46 AM > Subject: Re: [xcat-user] adding user to web-ui > > > > Thanks that worked well. > As soon as i added a noderange and/or command, parameters etc to the > policy table for that user - login was denied. > So i guess a i can't limit the users permissions within the web-ui to > certain hosts or commands? > > -- > Mit freundlichen Grüßen / Best Regards > > Matthias Merk > > Thang Pham <[email protected]> schrieb am 23.05.2012 15:41:35: > > > Von: Thang Pham <[email protected]> > > An: xCAT Users Mailing list <[email protected]> > > Kopie: xCAT Users Mailing list <[email protected]> > > Datum: 23.05.2012 15:42 > > Betreff: Re: [xcat-user] adding user to web-ui > > > > The manual way to add a user is to: > > 1. chtab username=myuser passwd.key=xcat passwd.password=mypassword > > 2. chtab name=myuser policy.priority=6.10 policy.rule=allow > > policy.comments="privilege:root;" > > > > This will allow users to access the main xCAT page, e.g. localhost/ > > xcat. Note that the priority of each user must be unique. For > > example, if the priority of the user above is 6.10, the next user > > must have a priority of 6.11, ... > > > > Regards, > > ------------------------------------- > > Thang Pham > > IBM Poughkeepsie > > Phone: (845) 433-7567 > > e-mail: [email protected] > > > > > > [Bild entfernt] Lissa Valletta---05/23/2012 08:29:47 AM---I thought > > they would login with the XCAT password. Once you add them as xCAT > > users they run the xCA > > > > From: Lissa Valletta/Poughkeepsie/IBM@IBMUS > > To: xCAT Users Mailing list <[email protected]>, > > Cc: xCAT Users Mailing list <[email protected]> > > Date: 05/23/2012 08:29 AM > > Subject: Re: [xcat-user] adding user to web-ui > > > > > > > > I thought they would login with the XCAT password. Once you add > > them as xCAT users they run the xCAT commands as root. I guess we > > need the web-ui person to address this. > > > > Lissa K. Valletta > > 2-3/T12 > > Poughkeepsie, NY 12601 > > (tie 293) 433-3102 > > > > > > > > [Bild entfernt] Matthias.Merk---05/23/2012 07:53:54 AM---some users > > are already defined and able to use the xcat cli commands but i > > couldn't figure with whi > > > > From: [email protected] > > To: xCAT Users Mailing list <[email protected]> > > Date: 05/23/2012 07:53 AM > > Subject: Re: [xcat-user] adding user to web-ui > > > > > > > > some users are already defined and able to use the xcat cli commands but > i > > couldn't figure with which password they should be able to login to the > > web-ui or how to set it. > > i tried adding an entry to the passwd table and the password for the > > account on the MN itself. > > > > -- > > Mit freundlichen Grüßen / Best Regards > > > > Matthias Merk > > > > Lissa Valletta <[email protected]> schrieb am 23.05.2012 13:39:08: > > > > > Von: Lissa Valletta <[email protected]> > > > An: xCAT Users Mailing list <[email protected]> > > > Kopie: [email protected] > > > Datum: 23.05.2012 13:40 > > > Betreff: Re: [xcat-user] adding user to web-ui > > > > > > I first admit I have not used the xCAT-UI much but could it be the > > > same process as adding any non-root user to xCAT. > > > > > > https://sourceforge.net/apps/mediawiki/xcat/index.php? > > > title=Granting_Users_xCAT_privileges > > > > > > Lissa K. Valletta > > > 2-3/T12 > > > Poughkeepsie, NY 12601 > > > (tie 293) 433-3102 > > > > > > > > > > > > [Bild entfernt] Matthias.Merk---05/23/2012 07:34:34 AM---Hi, I would > > > like to let some users power up/down specific images via the > > > > > > From: [email protected] > > > To: [email protected] > > > Date: 05/23/2012 07:34 AM > > > Subject: [xcat-user] adding user to web-ui > > > > > > > > > > > > Hi, > > > > > > I would like to let some users power up/down specific images via the > > > web-ui and was wondering if it's possible to add users to the web-ui > > (i'm > > > only aware of the xcat entry in the passwd table) and if the added > users > > > > > get their permission from the policy table? > > > > > > Thanks > > > > > > -- > > > Mit freundlichen Grüßen / Best Regards > > > > > > Matthias Merk > > > ---------------- > > > Disclaimer: > > > Diese Nachricht dient ausschließlich zu Informationszwecken und ist > nur > > > für den Gebrauch des angesprochenen Adressaten bestimmt. > > > > > > This message is only for informational purposes and is intended solely > > > for > > > the use of the addressee. > > > ---------------- > > > > > > > > > ------------------------------------------------------------------------------ > > > Live Security Virtual Conference > > > Exclusive live event will cover all the ways today's security and > > > threat landscape has changed and how IT managers can respond. > > Discussions > > > will include endpoint security, mobile security and the latest in > > malware > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > > > xCAT-user mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > > > > ------------------------------------------------------------------------------ > > > Live Security Virtual Conference > > > Exclusive live event will cover all the ways today's security and > > > threat landscape has changed and how IT managers can respond. > > Discussions > > > will include endpoint security, mobile security and the latest in > > malware > > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > > > xCAT-user mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > ---------------- > > Disclaimer: > > Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur > > für den Gebrauch des angesprochenen Adressaten bestimmt. > > > > This message is only for informational purposes and is intended solely > for > > the use of the addressee. > > ---------------- > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. > Discussions > > will include endpoint security, mobile security and the latest in > malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > xCAT-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. > Discussions > > will include endpoint security, mobile security and the latest in > malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > xCAT-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. > Discussions > > will include endpoint security, mobile security and the latest in > malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > xCAT-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > ---------------- > Disclaimer: > Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur > für den Gebrauch des angesprochenen Adressaten bestimmt. > > This message is only for informational purposes and is intended solely for > the use of the addressee. > ---------------- > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user ---------------- Disclaimer: Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur für den Gebrauch des angesprochenen Adressaten bestimmt. This message is only for informational purposes and is intended solely for the use of the addressee. ---------------- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
<<inline: graycol.gif>>
------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
