{"id":222,"date":"2010-08-27T12:55:00","date_gmt":"2010-08-27T18:55:00","guid":{"rendered":"http:\/\/benincosa.com\/blog\/?p=222"},"modified":"2014-11-19T11:25:59","modified_gmt":"2014-11-19T17:25:59","slug":"xcat-for-non-root-users","status":"publish","type":"post","link":"https:\/\/benincosa.com\/?p=222","title":{"rendered":"xCAT for non-root users"},"content":{"rendered":"<p>You have a user on your machine and you only want to enable them to do things like rinv, rvitals, and nodels.  You don&#8217;t want them to be able to provision nor power on\/off and do all those other awesome things that xCAT can do.  <\/p>\n<p>So what do you do?  <\/p>\n<p>Suppose your user name is &#8216;foobar&#8217;.<\/p>\n<p>You do this:<br \/>\n1.  Set up the policy table so that it contains the following: (tabedit policy)<br \/>\n[cc lang=&#8221;bash&#8221;]<br \/>\n#priority,name,host,commands,noderange,parameters,time,rule,comments,disable<br \/>\n&#8220;1&#8221;,&#8221;root&#8221;,,,,,,&#8221;allow&#8221;,,<br \/>\n&#8220;1.1&#8221;,&#8221;foobar&#8221;,,&#8221;rinv&#8221;,,,,&#8221;allow&#8221;,,<br \/>\n&#8220;1.11&#8221;,&#8221;foobar&#8221;,,&#8221;rvitals&#8221;,,,,&#8221;allow&#8221;,,<br \/>\n&#8220;1.12&#8221;,&#8221;foobar&#8221;,,&#8221;nodels&#8221;,,,,&#8221;allow&#8221;,,<br \/>\n[\/cc]<\/p>\n<p>2.  Set up the local cert for the user:<br \/>\n[cc lang=&#8221;bash&#8221;]<br \/>\n\/opt\/xcat\/share\/xcat\/scripts\/setup-local-client.sh foobar<br \/>\n[\/cc]<\/p>\n<p>Any other commands you can add by adding another number, like 1.13, etc.  The numbers are arbitrary, just make sure there is a unique number.  They stand for the priority of access of how the commands are processed.  (e.g: if two commands are received by the xCAT server at the same time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You have a user on your machine and you only want to enable them to do things like rinv, rvitals, and nodels. You don&#8217;t want them to be able to provision nor power on\/off and do all those other awesome things that xCAT can do. So what do you do? Suppose your user name is&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/222"}],"collection":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=222"}],"version-history":[{"count":2,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions"}],"predecessor-version":[{"id":2812,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/222\/revisions\/2812"}],"wp:attachment":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}