Web-Based Admin View restricts access to specific operation management GUIs by using user groups in the management server.
The table below shows the groups used for operation management GUIs of PRIMECLUSTER.
GUI name | user group name | Privileges |
|---|---|---|
All GUIs | wvroot | Root authority. This group can execute all operations. |
Cluster Admin | clroot | Root authority. This group can specify settings, execute management commands, and display information. |
cladmin | Administrator authority. This group cannot specify settings. It can execute management commands and display information. | |
clmon | User authority. This group cannot specify settings and cannot execute management commands. It can only display information. | |
GDS (Global Disk Services) | sdxroot | Root authority. This group can use the GDS management view. |
The groups for the operation management GUIs are defined as shown in the above table.
wvroot is a special user group, and is used for Web-Based Admin View and GUIs. Users belonging to this group are granted the highest access privileges for Web-Based Admin View and all kinds of operation management GUIs.
The system administrator can allow different access privileges to users according to the products that the users need to use.
For example, a user who belongs to the "clroot" group but not to "sdxroot" is granted all access privileges when opening the Cluster Admin screen but no access privileges when opening the Global Disk Services (GDS) GUIs.
The following user groups: wvroot, clroot, cladmin, and clmon are automatically created at the installation of PRIMECLUSTER. Since the sdxroot user group cannot be automatically created, if you want to grant the privileges to users for operating the GDS management view, create it on each primary and secondary management servers. The users must also be assigned to these groups. The Web-Based Admin View group membership should maintain consistency among all management servers associated with a specific cluster system.
To register the above group to a user, you should register the group as a Supplemental Group. To register a group as a Supplemental Group, use the usermod(8) or useradd(8) command.
To add a user group to a registered user
# usermod -G wvroot username
To register a new user
# useradd -G wvroot username
Note
When you register a new user, use the passwd(8) command to set a password.
# passwd username
The root user is granted the highest access privilege regardless of which group the root user belongs to.
For details about user groups, see "3.1.1 User group determination" in "PRIMECLUSTER Web-Based Admin View Operation Guide."
When creating the wvroot user group automatically at installation of PRIMECLUSTER, GID (ID number of the group) is not specified. Even if GID is not changed, it does not affect the behavior of the operation management products running on Web-Based Admin View; however, if you want to specify the same GID between the primary management server and the secondary management server, execute the groupadd(8) command or the groupmod(8) command:
When specifying GID before installing PRIMECLUSTER and then creating the wvroot user group
# groupadd -g <GID> wvroot
When changing GID of the wvroot user group after installing PRIMECLUSTER
# groupmod -g <GID> wvroot
