返回
-
标题
How to Configure SharePlex Manager to bypass Using Su command. -
说明
Shareplex Manager discovery fails as Su command is disabled.
-
原因
Security Reasons Su is disabled .
-
解决办法
WORKAROUND:
The work around is to implement the bypass su script instead of calling the real su.
It can be saved into a folder and call it "su" (chmod +x su). That folder then had to be added to the beginning of PATH before invoking sp_cop so that sp_cnc (sp_ctrl) would pick up this script instead of real su.Please note that the script would fail if not called as "su <user> -c true". Also, function check_user_credentials() currently returns true (return code 0) only when a password string is the same as a user name string. It can be replaced with any custom code that may verify a user's identity via custom security facilities used at a particular site.Here is an example script.===========================================================
#!/bin/sh
# vi: sw=2:main()
{
# Fail if not called as "su <user> -c true"
[ "${#}" -eq 3 -a "${2}" = "-c" -a "${3}" = "true" ] || {
_echo "su: Unsupported invocation" 1>&2
exit 2
}
user="${1}"_echo "Password: \c"
read password < /dev/ttycheck_user_credentials "${user}" "${password}"
}check_user_credentials()
{
user="${1}"
password="${2}"[ "${user}" = "${password}" ] && {
return 0
}
return 1
}if [ "`echo -e`" = "-e" ]; then
_echo() {
echo "${@}"
}
else
_echo() {
echo -e "${@}"
}
fimain "${@}"
To implement this, you need to shutdown sp_cop
/xxx/xxx - where you save the above su script.export PATH=/xxx/xxx/: $PATH
./sp_cop &SharePlex manager will invoke the sp_cnc command using the above su script instead of the real su.
You can go to another server sp_ctrl and issue this command
sp_ctlr> status on host:port#
the host would be the server you started the cop with the bypass script.
If you enter the same username and password, it should allow it otherwise it should fail.If it still report incorrect username and password, Check the permission of /dev/pts directory, ls -ld /dev/pts, "chmod 0666 /dev/pts" if necessary.Go to Foglight /Shareplex Manager/ Manage Monitoring .Discover the Stream using this username/passwd.
-
其他信息
Ensure the user is an existing O/S user on the server where shareplex is running andi is in the /etc/passwd file and a part of the group that owns shareplex prod dir and var dir.