You have a user on your machine and you only want to enable them to do things like rinv, rvitals, and nodels. You don’t want them to be able to provision nor power on/off and do all those other awesome things that xCAT can do.
So what do you do?
Suppose your user name is ‘foobar’.
You do this:
1. Set up the policy table so that it contains the following: (tabedit policy)
[cc lang=”bash”]
#priority,name,host,commands,noderange,parameters,time,rule,comments,disable
“1”,”root”,,,,,,”allow”,,
“1.1”,”foobar”,,”rinv”,,,,”allow”,,
“1.11”,”foobar”,,”rvitals”,,,,”allow”,,
“1.12”,”foobar”,,”nodels”,,,,”allow”,,
[/cc]
2. Set up the local cert for the user:
[cc lang=”bash”]
/opt/xcat/share/xcat/scripts/setup-local-client.sh foobar
[/cc]
Any other commands you can add by adding another number, like 1.13, etc. The numbers are arbitrary, just make sure there is a unique number. They stand for the priority of access of how the commands are processed. (e.g: if two commands are received by the xCAT server at the same time.
