search

xcat2 / xcat-core

Code repo for xCAT core packages
Eclipse Public License 1.0
361 stars 171 forks source link

setting up the policy table to restrict commands produces errors messages on rcons. #3837

Open ralphbellofatto opened 7 years ago

ralphbellofatto commented 7 years ago

setting up the policy table to restrict commands produces errors messages on rcons.

we set the following policy table entry:

[root@c460mgt01 ~]# lsdef -t policy 5.9 -z
# <xCAT data object stanza file>

5.9:
    objtype=policy
    commands=rcons
    name=ralphbel
    rule=allow

[ralphbel@c460mgt01 ~]$ rcons c460c802 Error: Permission denied for request Error: Permission denied for request [Enter `^Ec?' for help]

Red Hat Enterprise Linux Server 7.4 Beta (Pegas) Kernel 4.11.0-26.el7a.ppc64le on an ppc64le

c460c818 login:


if we remove the command restriction as follows:

[root@c460mgt01 ~]# chdef -t policy 5.9 commands= 1 object definitions have been created or modified. [root@c460mgt01 ~]#


The rcons command works without error messages:

[ralphbel@c460mgt01 ~]$ rcons c460c818 [Enter `^Ec?' for help]

Red Hat Enterprise Linux Server 7.4 Beta (Pegas) Kernel 4.11.0-26.el7a.ppc64le on an ppc64le

c460c818 login:



[root@c460mgt01 ~]# lsxcatd -v
Version 2.13.7 (git commit 9cb9a8d4d5ce4d81617e2e5a5c2d32c42b596c5b, built Fri Sep  1 06:15:38 EDT 2017)
immarvin commented 7 years ago

hi @ralphbellofatto , would you please your policy table by tabdump policy? thanks