- M04-admin security
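- Office machine: delete the NIC, add new NICs. Eth10---220, eth8---221.
- Tips:
- After moving SUSE to a different VMware machine, the NICs still show up as several new NICs; delete the old NICs and re-apply the previous IP configuration on the new NICs.
- NetApp tip: after the main setup, information for two nodes appears; then run setup on each of the two nodes to add disks, both using the second NIC on the main OS as the source, no regenerate MAC address.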
- Storage System access
- Administrative user log in info tracked in /etc/messages
- Administrative operations trackable in /etc/log/auditlog
- RBAC
- Relationship diagram: roles, capability, roles, group.
- Capability
- Login, CLI, security, API
- Roles
- Predefined administrative roles
- Root(all)>Admin(4 capability)>Power>Audit>no
- Groups
- Predefined groups
- Administrators --> admin role (4)
- Power users --> power role
- Users --> audit role
- Backup operators/Guests/Everyone --> none
- User
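- Purpose of local users
- Console login for administrative users
- In CIFS
- Used for user authentication when there is no domain (especially in workgroup mode).
- NFS
- Provides access to storage?
- These accounts are not visible in FilerView; they can only be seen from the command line via useradmin.
- Maintained in /etc/registry.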
- Security admin
- Options security
- Root user cannot be removed.
- Only administrative users can log in to the storage system
- Already ran a test: created a new user and then assigned it to the "Power Group", but it still cannot log in; the prompt shows: User 'u1' denied access - missing required capability: 'login-console'
- Administrative host access
- Adminhost definition: an NFS or CIFS client that is able to view and modify the configuration files under /etc/.
- Another options: options trusted.hosts
- Allow login only from trusted.hosts. (defined in)
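
The denial message from the login test above can be used to audit which accounts lack a login capability. The following is an added example, not part of the original notes or any NetApp tooling: it scans log lines for that message and summarizes missing capabilities per user. It assumes the denial text is written to a log such as /etc/messages; the sample lines, their timestamp prefix, the host name `filer1` and the user `op2` are constructed.

```python
import re
from collections import defaultdict

# Message text as quoted in the notes above; any prefix (timestamp, host) is ignored.
DENIED = re.compile(
    r"User '(?P<user>[^']+)' denied access - "
    r"missing required capability: '(?P<cap>[^']+)'"
)

# Constructed sample lines. The timestamp/tag prefix is an assumed layout,
# not copied from a real /etc/messages file.
SAMPLE_LOG = """\
Mon Jan  1 10:00:01 [filer1: info]: User 'u1' denied access - missing required capability: 'login-console'
Mon Jan  1 10:00:09 [filer1: info]: User 'u1' denied access - missing required capability: 'login-console'
Mon Jan  1 10:02:30 [filer1: info]: unrelated message about a disk scrub
Mon Jan  1 10:05:12 [filer1: info]: User 'op2' denied access - missing required capability: 'login-ssh'
"""


def summarize_denials(lines):
    """Return {user: {capability: count}} for every capability denial seen."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        match = DENIED.search(line)
        if match:
            summary[match["user"]][match["cap"]] += 1
    return {user: dict(caps) for user, caps in summary.items()}


def repeated_denials(summary, threshold=2):
    """Users hitting the same missing capability at least `threshold` times."""
    return sorted(
        (user, cap, count)
        for user, caps in summary.items()
        for cap, count in caps.items()
        if count >= threshold
    )


if __name__ == "__main__":
    result = summarize_denials(SAMPLE_LOG.splitlines())
    for user, caps in result.items():
        for cap, count in caps.items():
            print(f"{user}: missing {cap} ({count}x)")
    print("repeated:", repeated_denials(result))
```

A repeated denial for the same capability usually means the account's group maps to a role without that login capability, as in the 'u1' test.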