Open ralphbellofatto opened 7 years ago
Setting up the policy table to restrict commands produces error messages on rcons.
We set the following policy table entry:
```
[root@c460mgt01 ~]# lsdef -t policy 5.9 -z
# <xCAT data object stanza file>

5.9:
    objtype=policy
    commands=rcons
    name=ralphbel
    rule=allow
```
```
[ralphbel@c460mgt01 ~]$ rcons c460c802
Error: Permission denied for request
Error: Permission denied for request
[Enter `^Ec?' for help]

Red Hat Enterprise Linux Server 7.4 Beta (Pegas)
Kernel 4.11.0-26.el7a.ppc64le on an ppc64le

c460c818 login:
```
If we remove the command restriction as follows:
```
[root@c460mgt01 ~]# chdef -t policy 5.9 commands=
1 object definitions have been created or modified.
[root@c460mgt01 ~]#
```
The rcons command works without error messages:
```
[ralphbel@c460mgt01 ~]$ rcons c460c818
[Enter `^Ec?' for help]
```
```
[root@c460mgt01 ~]# lsxcatd -v
Version 2.13.7 (git commit 9cb9a8d4d5ce4d81617e2e5a5c2d32c42b596c5b, built Fri Sep 1 06:15:38 EDT 2017)
```
Hi @ralphbellofatto, would you please show your policy table by tabdump policy? Thanks
tabdump policy