Highlighted
Peter_G Absent Member.
Absent Member.
1463 views

War over Root Account - NNMi 9.x.

hey guys, first post here. 

 

As our internal fight over root privileges rages on, i'm looking for any thoughts/options you might have. My OS background is primarily windows.

 

My question is this: Is it possible to effectively deploy/maintain nnmi by identifying a list of specific commands to be run as root? Any new command would need to be added to this list before it would have permissions to run as root. 

 

Has anyone tried this method? My preference would be to have a checkout system for the root password, but it doesn't look like that will happen. If you've had this difficulty in your organization, I would love to hear how you solved it. 

 

Thanks!

4 Replies
LindsayHill Acclaimed Contributor.
Acclaimed Contributor.

Re: War over Root Account - NNMi 9.x.

It shouldn't be that hard.

 

You will need full root access to install & patch, but beyond that, how much CLI work do you actually need to do?

 

You'll want to be able to use commands like ovstatus, ovstop, ovstart, and you'll need to have access to logs, but beyond that you don't need a lot.

 

Just start by adding commands to a sudoers configuration, work with only that access, and tweak the sudoers configuration as required. It will work best if you've got a good relationship with the OS Admin team, and they can either quickly make changes to your allowed commands, or they can get you short-term full root access.

 

If you have a strained relationship with that team, and it takes a long time to get changes made, then it will be tough. But then you'll have lots of other organisational challenges anyway.

Tags (1)
Acclaimed Contributor.. AndyKemp Acclaimed Contributor..
Acclaimed Contributor..

Re: War over Root Account - NNMi 9.x.

Sudo works fine even for a non-root installation. I dont have any issues with it on several large systems (>20K nodes , Veritas VCS clustering, Multiple SPIs, stand alone RPS)

Have a nice day 🙂

Andy Kemp
I've lasted longer in the technology industry than most certifications.
Peter_G Absent Member.
Absent Member.

Re: War over Root Account - NNMi 9.x.

Thanks for the info Andy. It looks like our unix team will be handing all responsibility for the servers over to us, rather than share sudo. lol. So that is our solution right now. 

0 Likes
Peter_G Absent Member.
Absent Member.

Re: War over Root Account - NNMi 9.x.

Hi Lindsay, thanks for your reply. My team (monitoring platforms) is new and had no relationship with the unix group. As I mentioned below, it looks like they are going to simply hand over all responsibilities to us rather than give us temporary root access. I think this will work out better for us in the end. Thanks again!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.