This isn't a direct solution for your problem, but in a previous life I
needed to delegate some sysadmin tasks to Help Desk agents, without
giving them the whole enchilada.
Basically, I setup a special administration account that could receive
email, filter the email messages using procmail into a script that parsed
the email message with Perl, then used "commands" inside of the message
text body to maintain sendmail aliases.
It can get as fancy as you want, but I allowed them to add, query,
delete entries once I validated their credentials. It also gave me an
audit trail of user modifications, something which I don't think the
existing tools provide.
Maybe you could adopt this concept for your distributed admin needs?
Brad Lackey wrote:
yes, but this only add more users which can use the whole GUI... I
think that he wants to restrict what the admin user can do from the
GUI. i.e. add registrations, but not restart services.
Craig Bender wrote:
Yes there
is, in fact it already exists.
# /opt/SUNWut/sbin/utadminuser -h
utadminuser
utadminuser -h
utadminuser -a <username> [ <username> ... ]
utadminuser -d <username> [ <username> ... ]
utadminuser -r
Options:
# with no options, utadminuser prints the list of all
users
# authorized to administer the Sunray through the Admin
GUI.
-a # adds specified users to the list
-d # deletes specified users from the list
-r # removes all authorized users
-h # prints this usage
Brad Lackey wrote:
Cuny, David wrote:
Thanks. The "batch add from file" option
looks like an alternative for now.
So does that mean that adding additional (i.e. non-admin) users to the
Admin GUI is not being planned, or at least will not be ready soon?
There will be nothing in the near future that includes "Administrative
Roles".
David
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
*On Behalf Of *Brad Lackey
*Sent:* Thursday, February 15, 2007 8:11 AM
*To:* SunRay-Users mailing list
*Subject:* Re: [SunRay-Users] Restricted web gui?
I'm glad the script is working for you...
There is the ability to add/edit SRDB card registrations using the CLI
/opt/SUNWut/sbin/utuser
Check out the man page "man -M /opt/SUNWut/man utuser"
Brad
Cuny, David wrote:
In the very near future, my dept will be deploying several dozen Sun
Rays as Windows desktop replacements (uttsc CAM scripts that point to
various RDP sessions depending on card id). To ease the workload of
adding new users, our helpdesk staff has offered to assist in the
deployment and management of new user sessions. This is easy with the
admin gui web page, but does give the helpdesk the capacity to do cold
restarts to the service and mess with the security settings, something
that doesn't make this sysadmin very happy. At the same time, I would
also not be happy if I was on vacation (I'm the sole Unix admin) and I
had to remote in to add new sunray users.
So, is there a way to add another user to the admin gui with restricted
privileges? If not, is there another way to go about this (i.e.
server-side script or something else)?
FYI, I'm using a modified CAM script from Brad Lackey (btw, thanks! It
works great!) that reads the 'Other Info' field on the user's smart
card to populate the RDP session info. If no smart card is detected,
the script launches Firefox in an extremely restricted kiosk mode (I'm
using the r-kiosk extension).
David Cuny
Unix/Linux System Admin
State Street Kansas City
[EMAIL PROTECTED]
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
--
*Brad Lackey*
Desktop Product Lead
US Software Practice
(720) 548-3339
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
--
|
Brad Lackey
Desktop Product Lead
US Software Practice
(720) 548-3339
[EMAIL PROTECTED]
|
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
|
begin:vcard
fn:Garry Robbins
n:Robbins;Garry
org:Southwest Technology Group Inc., Sun Microsystems I.S.O.
adr:Suite 804;;148 Fullarton St.;London;ON;N6A 5P3;CA
email;internet:[EMAIL PROTECTED]
title:Technical Account Specialist
tel;work:+1 519 963 2264
tel;fax:+1 519 432 1182
tel;cell:+1 519 902 6472
x-mozilla-html:TRUE
url:http://www.sun.com/
version:2.1
end:vcard
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
