Erwin Panen
2010-10-18 06:59:00 UTC
Hi,
I realize this must be basic knowledge, I'm trying to do some catching up though ;)
Building my HOME NAS server on EON;
Have existing Linux box (syn3) from which to "move" a lot of media files (+1TB)
The actual Linux box is limited in that I CANNOT use the proper login to ssh rsync off those media files: the system is integrated with an LDAP server, this entails that normal users can't have SSH access, I can (and have) however create ordinary Unix users that are allowed to SSH into the server (not part of LDAP users).
Goal:
- create a user (say lucca) on EON
- user must have his homedir (/pool0/home/lucca)
- list of known hosts (~/.ssh) must function properly
- user must be allowed to use screen

I believe this should be done using RBAC? Could you give or point me to an example of how to do this?
I've first searched for visudo to find the equivalent is pfexec;
Next I've looked into RBAC, but before starting adventures in RBAC, how to find out e.g. which "role level" will allow "a command" say screen?

I've noticed that a couple of groups have been used: STOR & ADMIN.
What is the philosophy behind these groups? What is the "intended way" to integrate these with other surrounding systems?

I've created my own user (erwin) and added a homedir (/pool0/home/erwin)
When I ssh into EON, I can't use screen.
Doing "rsync -avz -e ssh lucca-Q0ErXNX1RuZx7FAahk/***@public.gmane.org:/home/shares/public/video/" will start rsync all right.
All files end up having no rights at all, and being in the wrong usergroup.
Also at regular intervals rsync will stop:
------------------------------
rsync -avz -e ssh lucca-Q0ErXNX1RuZx7FAahk/***@public.gmane.org:/home/shares/public/video/. .
The authenticity of host '192.168.80.191 (192.168.80.191)' can't be established.
RSA key fingerprint is 04:e1:85:cf:fe:6b:55:eb:f7:d6:ab:63:b4:2b:66:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.191' (RSA) to the list of known hosts.
lucca-Q0ErXNX1RuZx7FAahk/***@public.gmane.org's password:
receiving file list ... rsync: opendir "/home/shares/public/video
done
-------------------------------
Thanks a lot for helping out!

Erwin
--
This message posted from opensolaris.org