War over Root Account - NNMi 9.x. (250 Views)
Reply
Collector
Peter_G
Posts: 3
Registered: ‎03-24-2014
Message 1 of 5 (250 Views)

War over Root Account - NNMi 9.x.

hey guys, first post here. 

 

As our internal fight over root privileges rages on, i'm looking for any thoughts/options you might have. My OS background is primarily windows.

 

My question is this: Is it possible to effectively deploy/maintain nnmi by identifying a list of specific commands to be run as root? Any new command would need to be added to this list before it would have permissions to run as root. 

 

Has anyone tried this method? My preference would be to have a checkout system for the root password, but it doesn't look like that will happen. If you've had this difficulty in your organization, I would love to hear how you solved it. 

 

Thanks!

Please use plain text.
Honored Contributor
LindsayHill
Posts: 706
Registered: ‎11-16-2011
Message 2 of 5 (222 Views)

Re: War over Root Account - NNMi 9.x.

It shouldn't be that hard.

 

You will need full root access to install & patch, but beyond that, how much CLI work do you actually need to do?

 

You'll want to be able to use commands like ovstatus, ovstop, ovstart, and you'll need to have access to logs, but beyond that you don't need a lot.

 

Just start by adding commands to a sudoers configuration, work with only that access, and tweak the sudoers configuration as required. It will work best if you've got a good relationship with the OS Admin team, and they can either quickly make changes to your allowed commands, or they can get you short-term full root access.

 

If you have a strained relationship with that team, and it takes a long time to get changes made, then it will be tough. But then you'll have lots of other organisational challenges anyway.

CCIE 36708 | @northlandboy | lkhill.com
Please use plain text.
Honored Contributor
AndyKemp
Posts: 715
Registered: ‎05-17-2010
Message 3 of 5 (194 Views)

Re: War over Root Account - NNMi 9.x.

Sudo works fine even for a non-root installation. I dont have any issues with it on several large systems (>20K nodes , Veritas VCS clustering, Multiple SPIs, stand alone RPS)

Have a nice day :)

Andy Kemp,  CISSP
Please use plain text.
Collector
Peter_G
Posts: 3
Registered: ‎03-24-2014
Message 4 of 5 (186 Views)

Re: War over Root Account - NNMi 9.x.

Thanks for the info Andy. It looks like our unix team will be handing all responsibility for the servers over to us, rather than share sudo. lol. So that is our solution right now. 

Please use plain text.
Collector
Peter_G
Posts: 3
Registered: ‎03-24-2014
Message 5 of 5 (185 Views)

Re: War over Root Account - NNMi 9.x.

Hi Lindsay, thanks for your reply. My team (monitoring platforms) is new and had no relationship with the unix group. As I mentioned below, it looks like they are going to simply hand over all responsibilities to us rather than give us temporary root access. I think this will work out better for us in the end. Thanks again!

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation