i would run a dos2unix on the nsh-install-defaults file. it looks like you have the windows end of line characters in there. you can also vi it and remove the ^Ms...
for the exports, there now way to specify that syntax in the exports. nor should you - you shouldn't map everyone to root...
Thanks for your quick response as always.
So, we can not pass it to map the root user for all, like "* rw,user=root" with this variable NSH_ROOT_HOST?
or is there any other way to do so?
Also, even if, when we have not set this variable, and used the above mentioned nsh-install-defaults file content without using NSH_ROOT_HOST,
it only show nobody/nobody as follows;
Please find attachment for the same.
Thanks & Regards,..
RSCD.png 17.0 K
You're also exporting NSH_USER_TO twice in your file. Not sure if that's causing any issues. After you do the silent install, what entry is in the users.local file?
export NSH_USER_FROM NSH_USER_TO
My users.local file entry after agent installation is as follows,
and that of exports file is * rw
My Agent version is 8.5
What should be my nsh-install-defaults content in order to get proper user mapping with root/root permissions?
Doing it this way, initially only the built-in BLAdmin user has rights to that server. Instead of "BLAdmins:BLAdmin" I prefer "BLAdmins:*" which gives anyone using the BLAdmins Role rights to the server. Either way initially is fine.
Afterwards, you are expected to run a ACL Push Job. This takes all of the users and permissions and populates the users file. Then your users will have proper access to your servers.
i'm not sure what you mean by 'proper user mapping w/ root/root permissions'.
the NSH_ROOT_HOST should result in an entry like:
in the exports file.
what is the issue w/ the BLAdmins entry in the users.local ? normally the acls setup during the agent install are just enough so you can run an acl push job. and we definitely not not recommend putting the '* rw,user=root' in the exports file because that means anyone w/ a nsh client and access to the target can be root.
what are you trying to accomplish by setting up the acls like this ?