Modified default authorization for non-root users using RSCT Level 2.5.4.0 or higher
Starting with RSCT level 2.5.4.0 (AIX® 6, and Linux®) a change was introduced that prevents non-root users from running commands to list resources. The appropriate permissions are automatically configured if a new domain is created.
If you migrate an existing domain to this RSCT level, the appropriate
permissions to run commands like lssam
or lsrg
-m
are not automatically configured for non-root users. Depending
on your RSCT level, choose the appropriate actions to adjust the configuration:
- The RSCT level is equal to or higher than 2.5.5.2 (AIX 6, and Linux:
- Create another domain that implicitly adjusts the configuration. Do not start the new domain. You can remove it later.
- Alternatively, or if the RSCT level is lower than 2.4.13.2:
- Use the following commands to adjust the configuration on all
nodes as user root:
- Edit the file
/usr/sbin/rsct/cfg/ctsec_map.global
and add the following content if it does not exist:unix:*@*=clusteruser
- Create a file
/tmp/addacl
and add the following content:DEFAULT none:clusteruser * r
- Adjust the
acl
file by running the following command:/usr/sbin/rsct/install/bin/chrmcacl -a < /tmp/addacl
- Refresh the
ctrmc
sub system for the changes to become effective:refresh -s ctrmc
Non-root users are now able to use commands like
lssam
orlsrg -m
as with earlier RSCT levels. - Edit the file