Sun Cluster 3.1 System Administration Guide

Adding Non-Root Users to SunPlex Manager

To enable a user other than root to log in to SunPlex Manager, you must either create a new user with the "solaris.cluster.admin" Role-Based Access Control (RBAC) authorization, or add that authorization to an existing user. Once authorized to access the full SunPlex Manager functionality, the user can log in with a regular system password.


Note –

Assigning the "solaris.cluster.admin" RBAC authorization to a non-root user allows that user to perform administrative actions usually performed only by root.


For more information, see "Role-Based Access Control" in the Solaris 8 System Administration Guide, Volume 2.

How to Add RBAC Authorization to an Existing User Account

Add RBAC authorization to an existing user account to enable the user to log in to SunPlex Manager by using a regular system password.


Note –

If you assign RBAC authorization to a non-root user account, that user account can perform a set of administrative actions usually performed only by root.


  1. Become superuser on any node of the cluster.

  2. Add the following entry to the /etc/user_attr file on all nodes of the cluster.


    # vi /etc/user_attr
    username::::type=normal;auths=solaris.cluster.admin
    

  3. If you are logged in to SunPlex Manager as the root user, exit the browser entirely, then restart it.

  4. Connect to one node of the cluster.

  5. Enter the login (username) and password to access SunPlex Manager.

How to Create a New User Account With RBAC Authorization

To give a new non-root user account root-level access to the entire cluster through SunPlex Manager, create the account on all nodes of the cluster.


Note –

If you assign RBAC authorization to a non-root user account, that user account can perform a set of administrative actions usually performed only by root.


  1. Become superuser on any node of the cluster.

  2. Create the new user account.


    # useradd -d dir -A solaris.cluster.admin login
    

    -d dir

    Specifies the home directory of the new user

    -A solaris.cluster.admin

    Assigns the solaris.cluster.admin authorization to the new user account

    login

    Name of the new user account (username)


    Note –

    The user name must be unique and must not already exist either on the local machine or in the network name service.


    See the useradd(1M) man page for more information about creating user accounts.

  3. Set the password on each node of the cluster.


    # passwd login
    


    Note –

    The password for this account must be the same on all nodes of the cluster.


  4. If you are logged in to SunPlex Manager as the root user, exit the browser entirely, then restart it.

  5. Connect to one node of the cluster.

  6. Enter the new login (username) and password to access SunPlex Manager.
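
Because both procedures above end with a root-equivalent authorization recorded in /etc/user_attr on every node, it is worth reviewing who holds it. The following is an added example, not part of the original guide: it lists non-root accounts granted solaris.cluster.admin (directly or through a wildcard authorization) and flags accounts whose grant differs between nodes. The function names, the sample users and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). user_attr(4) line format:
#   user:qualifier:res1:res2:attr   attr = ;-separated key=value pairs
# Assumes a POSIX awk (on Solaris, nawk or /usr/xpg4/bin/awk).

# Print the non-root users in FILE whose auths grant solaris.cluster.admin,
# directly or through a wildcard. Grants made via profiles are not resolved.
cluster_admins() {
    awk -F: '
        /^[ \t]*#/ || NF < 5 { next }   # comments, blank or malformed lines
        $1 == "root"         { next }
        {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^auths=/) continue
                m = split(substr(kv[i], 7), a, ",")
                for (j = 1; j <= m; j++)
                    if (a[j] == "solaris.cluster.admin" ||
                        a[j] == "solaris.cluster.*" ||
                        a[j] == "solaris.*") { print $1; next }
            }
        }' "$1" | sort -u
}

# Given one user_attr copy per node, print users who hold the
# authorization on some nodes but not on all of them.
cluster_admin_drift() {
    total=$#
    for f in "$@"; do cluster_admins "$f"; done |
        sort | uniq -c |
        awk -v total="$total" '$1 != total { print $2 }'
}

# Constructed sample input: user_attr copies from two nodes.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/node1" <<'EOF'
# constructed sample
root::::auths=solaris.*,solaris.grant;profiles=All
alice::::type=normal;auths=solaris.cluster.admin
bob::::type=normal;auths=solaris.device.cdrw,solaris.cluster.*
carol::::type=normal;profiles=Printer Management
EOF
cat > "$SAMPLE_DIR/node2" <<'EOF'
root::::auths=solaris.*,solaris.grant;profiles=All
alice::::type=normal;auths=solaris.cluster.admin
bob::::type=normal;auths=solaris.device.cdrw
EOF
cluster_admins "$SAMPLE_DIR/node1"
cluster_admin_drift "$SAMPLE_DIR/node1" "$SAMPLE_DIR/node2"
```

To use it on a real cluster, copy each node's /etc/user_attr to a separate file and pass all of them to cluster_admin_drift; any name it prints holds the authorization on only part of the cluster.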