My Favorites

Close

Please to see your favorites.


How to use a non-root account with PlateSpin Migrate, Protect, or Forge

This document (7920711) is provided subject to the disclaimer at the end of this document.

Environment

PlateSpin Migrate, Protect, or Forge used with source Linux and Solaris servers as well as VMware ESX target servers.

Situation

This article provides instructions on how to use a non-root account with PlateSpin Protect, Migrate, or Forge when using a supported Linux source server, Solaris server, or a VMware ESX Server (version 3.0 and lower).

Note: SSH access is not required for ESX 3.5 and above or ESXi servers, there is no requirement for root or sudo access when working with these servers. For details on permissions required for ESX 3.5 and higher servers see the document linked at the bottom of this article.

ESX 3.0 servers require an account with SSH access, this account does not require 'root-like' privileges but must have the Administrator Role through the VIC.


 

Resolution

PowerConvert v5.5 and higher  includes the ability to use a non-root account. In order to use a non-root or "sudo" account with PowerConvert, please use the below steps.  In addition, please use the document "Minimum Privileges for ESX 3.5" attached to this article as another method to add a an account with the necessary permissions to your ESX 3.5 server  -to download the instructions document please click here

  1. On the Linux server or VMware ESX 2.5 Server, create a new user account.  As root, type the following command:

    useradd -G wheel -m -d /home/psuser psuser    ->   where psuser is the name of the new user account

    After creating the new user account, set a password by typing the following command:

    passwd psuser



  2. Add the new user account to the sudoers file to allow the user to run the "sudo" command.  As root type:

    visudo

    The above command should display the following (necessary additions/changes are bold in red):

    Linux Sample Sudoers file:

    # sudoers file.
    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # See the sudoers man page for the details on how to write a sudoers file.
    #

    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # Defaults specification

    # User privilege specification
    root    ALL=(ALL) ALL
    psuser    ALL=(ALL) ALL    ------>  ADDING THIS LINE WILL ALLOW THE NEW USER TO RUN SUDO

    # Uncomment to allow people in group wheel to run all commands
    # %wheel        ALL=(ALL) ALL  ------>  UNCOMMENT THIS LINE TO ALLOW WHEEL GROUP MEMBERS TO RUN SUDO

    # Same thing without a password
    # %wheel        ALL=(ALL)       NOPASSWD: ALL


    VMware ESX Server Sample Sudoers file:


    #sudoers file.
    #
    #This file MUST be edited with the 'visudo' command as root.
    #
    #See the sudoers man page for the details on how to write a sudoers file.
    #

    #Host alias specification

    #User alias specification

    #Cmnd alias specification

    #User privilege specification
    root    ALL=(ALL) ALL
    psuser    ALL=(ALL) ALL    ------>  ADDING THIS LINE WILL ALLOW THE NEW USER TO RUN SUDO


  3. Discover the Linux server or the VMware ESX Server using the new user account

 

In addition to this please review the following KB article which discusses the error which you may recieve if the accounts are not configured correctly.

TID 7920795

 

Solaris

In Solaris, Role-Based Access Control (RBAC) is used to offer rights profiles to users. A rights profile is defined as "a collection of administrative capabilities that can be assigned to a role or to a user."

Pfexec (Profile exec) is what is used to manage these profiles.

The profile information of the system is stored within /etc/security/exec_attr . Executing 'cat /etc/security/exec_attr' will generate a list of the profiles on the system, the profile to be used is:

Primary Administrator:suser:cmd:::*:uid=0;gid=0

This Primary Administrator profile grants root access to the users assigned to that profile.

To set up a user as a Primary Administrator, follow the steps below:

1. Create a user. (These steps will user testuser)

useradd -m -d /export/home/testuser testuser

2. Make sure that testuser's home directory exists and is writable. (Home directory normally would be /export/home/testuser)

3. Assign the Primary Administrator profile to testuser.

usermod -P 'Primary Administrator' testuser

4. The user testuser should now be usable by Portability Suite to discovery and migrate the Solaris workload.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7920711
  • Creation Date:13-JUN-06
  • Modified Date:24-OCT-13
    • NetIQPlateSpin Forge
      PlateSpin Migrate
      PlateSpin Protect

Did this document solve your problem? Provide Feedback