3 Replies Latest reply on Jul 11, 2007 9:53 AM by Greg Kullberg

    NSH access permissions

    JeanMichel GUY

      Hello,

       

      How can I give permissions to "admplat" user from "host1" to access with NSH to root on "server2" using RSCD agent ?

       

      Is this line in the exports file on server2 right ?

       

      server1 rw,allowed=user1,user=root

       

      Thats's all, or no ?

       

      Thanks

       

      Jean-Michel

        • 1. Re: NSH access permissions

          Bonjour Jean-Michel!

           

          Here is what you should have on server2:

           

          exports

          server1 rw

           

          users

           

           

          users.local

          admplat rw, map=root

           

           

          In the above example I assume ACLs are being pushed to server2 from the app server, which will contain the 'nouser' entry. This will block all other users from accessing server2 that are not in the list of ACLs.

           

          You could also configure the ACLs in RBAC so that admplat maps to root without manually configuring the users.local file.

           

          -Greg

          • 2. Re: NSH access permissions
            JeanMichel GUY

            Hi Greg,

             

            Is it, this new line "server1 rw" compatible with "* ro" in the exports file ?

             

            I want to acces on the RSCD agent from "server1" server using "admplat" user in NSH only, but I want to access from App Server and CM console too.

             

            Thanks.

             

            Jean-Michel

            • 3. Re: NSH access permissions

              "

              • ro" grants all hosts read-only access to the server. "server1 rw" grants only server1 read-write access. I believe your exports file should look like this:

               

              server1, ro

               

               

              And your users.local file should look like this:

               

              admplat rw,map=root

               

               

              Are you still pushing ACLs from the app server to "server1"?