om access for non-root users

It’s always nice to be able to issue om commands as a normal user rather than having to be permanently logged in as root. In the fully managed DICE world we use the DICE::Authorize Perl module to do the authorisation. In a lightweight installation we have to fallback to using the much more simple LCFG::Authorize module. The selection of the authorization module is typically done by altering the profile.authorize module although it can also be done a per-component basis using the om_authorization resource.

When using the LCFG::Authorize module there is normally a default group named superusers which has the capability to call all om commands. Thus the simplest way to give yourself om super-powers is to add yourself to the list of users for that group, that can be done like this:

!authorize.users_superusers mADD(rod)
!authorize.users_superusers mADD(jane)
!authorize.users_superusers mADD(freddy)

The authorization model can be made much more sophisticated than this example but right now we’re just porting to a new platform so there are just a few of us who require super-powers.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply