[one-users] sudo setup on hosts using LVM

Sander Klous sander at nikhef.nl
Thu Nov 5 09:33:37 PST 2009


Not really, I would like to keep the oneadmin privileges to an absolute 
minimum. In other words, oneadmin should only be allowed to execute the 
LVM commands it has explicitly been granted access for.

Shi Jin wrote:
> Hi there,
>
> I think we have to enable the oneadmin user to run the lvm commands on
> the host using LVM, right?
> Currently, this works for me in the /etc/sudoer
> oneadmin ALL=(ALL) NOPASSWD: /sbin/lv* *
> However, this is not a very general case since there are other lvm
> commands such as vgdisplay.
> The fact that all those commands are aliases to the /sbin/lvm command
> makes it easy.
> If we have
> oneadmin ALL=(ALL) NOPASSWD: /sbin/lvm *
> then we can run sudo lvm vgdisplay or any lvm command without password
> as oneadmin.
> However, this requires all the lvm commands to be executed in the format of
> /sbin/lvm <command name> instead of /sbin/<command name> directly.
>
> Do you think this is a good way to set up the OpenNebula LVM code?
> Thanks.
>   
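
An added example, not part of the original thread or of OpenNebula's code: a small audit helper that approximates sudoers command matching with Python's `fnmatch` to show which invocations each rule style from this exchange would permit. The explicit command list (`lvcreate`, `lvremove`) and the sample invocations are assumptions constructed for illustration; sudo's own matcher is authoritative.

```python
from fnmatch import fnmatchcase

# Rules quoted in the thread, plus an explicit list. Which LVM tools OpenNebula
# really needs is an assumption made for this example.
WIDE = "/sbin/lv* *"
VIA_LVM = "/sbin/lvm *"
EXPLICIT = ["/sbin/lvcreate", "/sbin/lvremove"]

# Constructed sample invocations (argv lists), not taken from a real host.
SAMPLES = [
    ["/sbin/lvcreate", "-L", "1G", "-n", "one-42", "vg0"],
    ["/sbin/lvremove", "-f", "vg0/one-42"],
    ["/sbin/lvm", "vgremove", "-f", "vg0"],
    ["/sbin/vgdisplay"],
]

def path_matches(pattern, path):
    """Match per path component: sudoers wildcards in the command name never match '/'."""
    pat, got = pattern.split("/"), path.split("/")
    return len(pat) == len(got) and all(fnmatchcase(g, p) for p, g in zip(pat, got))

def permits(spec, argv):
    """Approximate sudoers matching of one command spec against one invocation."""
    cmd_pat, _, arg_pat = spec.partition(" ")
    if not path_matches(cmd_pat, argv[0]):
        return False
    arg_pat = arg_pat.strip()
    if not arg_pat:                 # no arguments in the rule: any arguments allowed
        return True
    user_args = " ".join(argv[1:])  # arguments are matched as one joined string
    if arg_pat == '""':             # "" in sudoers means "no arguments at all"
        return user_args == ""
    return fnmatchcase(user_args, arg_pat)

def allowed(specs, samples=SAMPLES):
    """Return the sample command lines that at least one spec would permit."""
    return [" ".join(a) for a in samples if any(permits(s, a) for s in specs)]

if __name__ == "__main__":
    for name, specs in [("wide", [WIDE]), ("via lvm", [VIA_LVM]), ("explicit", EXPLICIT)]:
        print(f"{name:9} -> {allowed(specs)}")
```

The `/sbin/lv*` pattern also matches `/sbin/lvm` itself, so the first rule already grants every `lvm` subcommand, while the explicit list permits only the named tools.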


