-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
John,
you might want to take a look at sudo on the Unix side. You can restrict the command list that is accessible to a particular user or set of users as well as log each access.
Just a thought,
- -=Tom Nail
John Stoffel wrote:
Hi all,
I'm running 7.0.1R1 on some filers and we need to give access to users to create qtrees. I've written a perl script wrapper around rsh (to be setuid unfortunately), but I was hoping that I could use SSH instead fot access control, especially if I could limit access to just a single command string or two from the client tool
Has anyone else up SSH non-password access to just a specific command? The user's should NOT be able to login to the NetApp otherwise, they should only be able to do a limited and sanitized version of 'qtree create /vol/<volume>/<qtree> on the filer(s) we have deployed.
Looking on now, I really don't see much explanation of how filer:/vol/root/etc/sshd/... is supposed to help me here with this issue, since I can't find a man page or docs on how to configure the SSHD on the Filter.
Or do I just go back to a SETU
Thanks, John John Stoffel - Senior Staff Systems Administrator - System LSI Group Toshiba America Electronic Components, Inc. - http://www.toshiba.com/taec john.stoffel@taec.toshiba.com - 508-486-1087
------_=extPart_001_01C575DB.1E377A78--