Recent changes to User_Management

User_Management modified by Ling

Ling — Mon, 26 Jan 2015 12:56:59 -0000

--- v16
+++ v17
@@ -1,3 +1,9 @@
+## ** This document is obsolete. Please use the following url for the most up to date document. <http: sourceforge.net="" p="" xcat="" wiki="" Granting_Users_xCAT_privileges=""/> **
+
+
+
+
+
 [TOC]

 ## Granting Users xCAT privileges & Setting Up a Remote Client

Discussion for User_Management page

Bruce — Mon, 23 Jun 2014 22:04:56 -0000

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:54 -0000

--- v15
+++ v16
@@ -39,6 +39,11 @@
 If you want to grant all users the ability to run nodels, add this line:

     6.1,*,,nodels,,,,allow
+
+by running 
+    
+    chdef -t policy -o 6.1 name=* commands=nodels rule=allow
+    

 Another example is to allow the user to run the rpower command with only the "stat" parameter, and only on certain nodes. (We also use chdef to modify the policy table, as an example of an alternative to tabedit.)

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:52 -0000

--- v14
+++ v15
@@ -40,9 +40,9 @@

     6.1,*,,nodels,,,,allow

-Another example is to allow the user to run the rpower command with only the "stat" parameter, and only on certain nodes. (We also use chtab to modify the policy table, as an example of an alternative to tabedit.) 
+Another example is to allow the user to run the rpower command with only the "stat" parameter, and only on certain nodes. (We also use chdef to modify the policy table, as an example of an alternative to tabedit.) 

-    # chtab priority=5 policy.name=<username> policy.commands=rpower policy.parameters=stat policy.noderange=h02-h05 policy.rule=allow
+    # chdef -t policy -o 6.0 name=<username> commands=rpower parameters=stat noderange=h02-h03 rule=allow
     # su - <username>
     -bash-3.2$ rpower h02 on
     Error: Permission denied for request

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:47 -0000

--- v13
+++ v14
@@ -23,6 +23,8 @@
 This causes xCAT to recognize this userid, so that it can be specified in the policy table in the next step.

 ### Change the policy table to allow the user to run commands
+
+For information on the policy table. See man the man the manpage: http://xcat.sourceforge.net/man5/policy.5.html 

 To give a user all xCAT command privileges, run "tabedit policy", and add a line:

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:45 -0000

--- v12
+++ v13
@@ -1,6 +1,6 @@
 [TOC]

-## Granting Users xCAT privileges|Granting Users xCAT privileges & Setting Up a Remote Client
+## Granting Users xCAT privileges & Setting Up a Remote Client

 By default, only root on the management node can run xCAT commands. But xCAT can be configured to allow both non-root users and remote users to run xCAT commands. The steps below will explain how. If you only want non-root local users, you can stop after step 2.

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:44 -0000

--- v11
+++ v12
@@ -1,8 +1,6 @@
 [TOC]

-## User Management
-
-### Granting Users xCAT privileges|Granting Users xCAT privileges & Setting Up a Remote Client
+## Granting Users xCAT privileges|Granting Users xCAT privileges & Setting Up a Remote Client

 By default, only root on the management node can run xCAT commands. But xCAT can be configured to allow both non-root users and remote users to run xCAT commands. The steps below will explain how. If you only want non-root local users, you can stop after step 2.

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:42 -0000

--- v10
+++ v11
@@ -2,7 +2,7 @@

 ## User Management

-=== Granting Users xCAT privileges|Granting Users xCAT privileges & Setting Up a Remote Client 
+### Granting Users xCAT privileges|Granting Users xCAT privileges & Setting Up a Remote Client

 By default, only root on the management node can run xCAT commands. But xCAT can be configured to allow both non-root users and remote users to run xCAT commands. The steps below will explain how. If you only want non-root local users, you can stop after step 2.

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:37 -0000

--- v9
+++ v10
@@ -82,9 +82,9 @@

 The userids and groupids of the non-root users should be kept the same on the Login Node, the Management Node, Service Nodes and compute nodes. 

-As in step(1), setup the credentials on the Management node by running the /opt/xcat/share/xcat/scripts/setup-local-client.sh <username> command as root. The credentials are placed in $HOME/.xcat directory. These file must be copied to the $HOME/.xcat directory of the username on the Login Node. 
+As in the first step, setup the credentials on the Management node by running the /opt/xcat/share/xcat/scripts/setup-local-client.sh <username> command as root. The credentials are placed in $HOME/.xcat directory. These file must be copied to the $HOME/.xcat directory of the username on the Login Node. 

-As in step (2), setup your policy table on the Managment Node with the permissions that you would like the non-root id to have. Remember, you are giving this id the authority to run the xcat commands as root. 
+As in the second step, setup your policy table on the Managment Node with the permissions that you would like the non-root id to have. Remember, you are giving this id the authority to run the xcat commands as root. 

 At this time, the id should be able to execute any commands that have been set in the policy table from the Login Node as their userid.

User_Management modified by Lissa Valletta

Lissa Valletta — Mon, 23 Jun 2014 22:04:36 -0000

--- v8
+++ v9
@@ -63,7 +63,7 @@

 This will setup the user and root ssh keys for the user under the $HOME/.ssh directory of the user on the nodes. The root ssh keys are needed for the user to run the xCAT commands under the xcatd daemon, where the user will be running as root. Note: the uid for the user should match the uid on the Management Node and a password for the user must have been set on the nodes. 

-## 4\. Setup Login Node (remote client)
+## Setup Login Node (remote client)

 In some cases, you many not want your non-root user to login to the Management Node, but to use a Login Node and run the xCAT commands from the Login Node.  
 To setup a Linux or AIX Login Node, first install the following rpms: