It’s always nice to be able to issue om
commands as a normal user rather than having to be permanently logged in as root. In the fully managed DICE world we use the DICE::Authorize
Perl module to do the authorisation. In a lightweight installation we have to fallback to using the much more simple LCFG::Authorize
module. The selection of the authorization module is typically done by altering the profile.authorize
module although it can also be done a per-component basis using the om_authorization
resource.
When using the LCFG::Authorize
module there is normally a default group named superusers which has the capability to call all om commands. Thus the simplest way to give yourself om super-powers is to add yourself to the list of users for that group, that can be done like this:
!authorize.users_superusers mADD(rod) !authorize.users_superusers mADD(jane) !authorize.users_superusers mADD(freddy)
The authorization model can be made much more sophisticated than this example but right now we’re just porting to a new platform so there are just a few of us who require super-powers.