[uyuni-users] Use non-privileged user for ssh_push registered client
Hi all, I want to use non-root user for ssh-push server registration and patch management. However, I can't find any documentation regarding this. This link https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/contact-... only seems to apply for bootstrapping through ssh.
From what I can see, this unprivileged user would need write/read permissions on /etc/yum.repo.d, /etc/apt/sources.list.d or /etc/zypp depending of the OS, and permissions to execute yum/apt/zypper commands. And I guess some extra configurations needed as the Uyuni server will sudo the commands.
Does somebody already worked on this ? Regards, Philippe. Philippe Bidault | Unix Engineer Getronics ________________________________ M. 34617301667 | E. Philippe.Bidault@Getronics.com | W. www.getronics.com Getronics CMC Service Desk Iberia S.L - VAT No:S.L.: B66686262. Registered Office - Getronics CMC Service Desk Iberia S.L, C/Rosselloi, Porcel, 21 planta 11, 08016 Barcelona, Spain. The information transmitted is intended only for use by the addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. Thank you. Legal disclaimer: http://www.getronics.com/legal/
Hello Philippe, I also met this issue, and was not successful in finding a solution - so I watch for input with interest. My workaround was to issue the curl|bash bootstrap method, running as root from the individual machines. As I was migrating from spacewalk, it was fairly straightforward to do this for many machines using Spacewalk's remote commands. S From: Bidault, Philippe <Philippe.Bidault@Getronics.com> Sent: 22 October 2020 09:12 To: uyuni-users@opensuse.org Subject: [EXTERNAL EMAIL] [uyuni-users] Use non-privileged user for ssh_push registered client Hi all, I want to use non-root user for ssh-push server registration and patch management. However, I can't find any documentation regarding this. This link https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/contact-... only seems to apply for bootstrapping through ssh.
From what I can see, this unprivileged user would need write/read permissions on /etc/yum.repo.d, /etc/apt/sources.list.d or /etc/zypp depending of the OS, and permissions to execute yum/apt/zypper commands. And I guess some extra configurations needed as the Uyuni server will sudo the commands.
Does somebody already worked on this ? Regards, Philippe. Philippe Bidault | Unix Engineer Getronics ________________________________ M. 34617301667 | E. Philippe.Bidault@Getronics.com<mailto:Philippe.Bidault@Getronics.com> | W. www.getronics.com<http://www.getronics.com> Getronics CMC Service Desk Iberia S.L - VAT No:S.L.: B66686262. Registered Office - Getronics CMC Service Desk Iberia S.L, C/Rosselloi, Porcel, 21 planta 11, 08016 Barcelona, Spain. The information transmitted is intended only for use by the addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. Thank you. Legal disclaimer: http://www.getronics.com/legal/
Hi Simon, all I have just created an issue regarding this https://github.com/uyuni-project/uyuni/issues/2793. Philippe. Philippe Bidault | Unix Engineer | Getronics ________________________________ M. 34617301667 | E. Philippe.Bidault@Getronics.com | W. www.getronics.com<https://www.getronics.com> From: Simon Avery <Simon.Avery@atass-sports.co.uk> Sent: 22 October 2020 13:46 To: Bidault, Philippe <Philippe.Bidault@Getronics.com>; uyuni-users@opensuse.org Subject: RE: Use non-privileged user for ssh_push registered client CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello Philippe, I also met this issue, and was not successful in finding a solution - so I watch for input with interest. My workaround was to issue the curl|bash bootstrap method, running as root from the individual machines. As I was migrating from spacewalk, it was fairly straightforward to do this for many machines using Spacewalk's remote commands. S From: Bidault, Philippe <Philippe.Bidault@Getronics.com<mailto:Philippe.Bidault@Getronics.com>> Sent: 22 October 2020 09:12 To: uyuni-users@opensuse.org<mailto:uyuni-users@opensuse.org> Subject: [EXTERNAL EMAIL] [uyuni-users] Use non-privileged user for ssh_push registered client Hi all, I want to use non-root user for ssh-push server registration and patch management. However, I can't find any documentation regarding this. This link https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/contact-... only seems to apply for bootstrapping through ssh.
From what I can see, this unprivileged user would need write/read permissions on /etc/yum.repo.d, /etc/apt/sources.list.d or /etc/zypp depending of the OS, and permissions to execute yum/apt/zypper commands. And I guess some extra configurations needed as the Uyuni server will sudo the commands.
Does somebody already worked on this ? Regards, Philippe. Philippe Bidault | Unix Engineer Getronics ________________________________ M. 34617301667 | E. Philippe.Bidault@Getronics.com<mailto:Philippe.Bidault@Getronics.com> | W. www.getronics.com<http://www.getronics.com> Getronics CMC Service Desk Iberia S.L - VAT No:S.L.: B66686262. Registered Office - Getronics CMC Service Desk Iberia S.L, C/Rosselloi, Porcel, 21 planta 11, 08016 Barcelona, Spain. The information transmitted is intended only for use by the addressee and may contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of it, or the taking of any action in reliance upon this information by persons and/or entities other than the intended recipient is prohibited. If you received this in error, please inform the sender and/or addressee immediately and delete the material. Thank you. Legal disclaimer: http://www.getronics.com/legal/
participants (2)
-
Bidault, Philippe -
Simon Avery