Modified default authorization for non-root users using RSCT Level 2.5.4.0 or higher

Starting with RSCT level 2.5.4.0 (AIX® 6, and Linux®) a change was introduced that prevents non-root users from running commands to list resources. The appropriate permissions are automatically configured if a new domain is created.

If you migrate an existing domain to this RSCT level, the appropriate permissions to run commands like lssam or lsrg -m are not automatically configured for non-root users. Depending on your RSCT level, choose the appropriate actions to adjust the configuration:

The RSCT level is equal to or higher than 2.5.5.2 (AIX 6, and Linux:

Create another domain that implicitly adjusts the configuration. Do not start the new domain. You can remove it later.

Alternatively, or if the RSCT level is lower than 2.4.13.2:

Use the following commands to adjust the configuration on all nodes as user root:

1. Edit the file /usr/sbin/rsct/cfg/ctsec_map.global and add the following content if it does not exist:

   unix:*@*=clusteruser

2. Create a file /tmp/addacl and add the following content:

   DEFAULT
      none:clusteruser * r

3. Adjust the acl file by running the following command:

   /usr/sbin/rsct/install/bin/chrmcacl -a < /tmp/addacl

4. Refresh the ctrmc sub system for the changes to become effective:

   refresh -s ctrmc

Non-root users are now able to use commands like lssam or lsrg -m as with earlier RSCT levels.