As our internal fight over root privileges rages on, i'm looking for any thoughts/options you might have. My OS background is primarily windows.
My question is this:Is it possible toeffectivelydeploy/maintain nnmi byidentifyinga list of specific commands to be run as root? Any new command would need to be added to this list before it would have permissions to run as root.
Has anyone tried this method? My preference would be to have a checkout system for the root password, but it doesn't look like that will happen. If you've had this difficulty in your organization, I would love to hear how you solved it.
You will need full root access to install & patch, but beyond that, how much CLI work do you actually need to do?
You'll want to be able to use commands like ovstatus, ovstop, ovstart, and you'll need to have access to logs, but beyond that you don't need a lot.
Just start by adding commands to a sudoers configuration, work with only that access, and tweak the sudoers configuration as required. It will work best if you've got a good relationship with the OS Admin team, and they can either quickly make changes to your allowed commands, or they can get you short-term full root access.
If you have a strained relationship with that team, and it takes a long time to get changes made, then it will be tough. But then you'll have lots of other organisational challenges anyway.
Hi Lindsay, thanks for your reply. My team (monitoring platforms) is new and had no relationship with the unix group. As I mentioned below, it looks like they are going to simply hand over all responsibilities to us rather than give us temporary root access. I think this will work out better for us in the end. Thanks again!