4.3. Controlling Access to luci
Since the initial release of Red Hat Enterprise Linux 6, the following features have been added to the
page.
- As of Red Hat Enterprise Linux 6.2, the root user or a user who has been granted luci administrator permissions on a system running luci can control access to the various luci components by setting permissions for the individual users on a system.
- As of Red Hat Enterprise Linux 6.3, the root user or a user who has been granted luci administrator permissions can add users to the luci interface and then set the user permissions for that user. You will still need to add that user to the system and set up a password for that user, but this feature allows you to configure permissions for the user before the user has logged in to luci for the first time.
- As of Red Hat Enterprise Linux 6.4, the root user or a user who has been granted luci administrator permissions can also use the luci interface to delete users from the luci interface, which resets any permissions you have configured for that user.
Note
You can modify the way in which luci performs authentication by editing the
/etc/pam.d/luci
file on the system. For information on using Linux-PAM, see the pam
(8) man page.
To add users, delete users, or set the user permissions, log in to luci as
root
or as a user who has previously been granted administrator permissions and click the selection in the upper right corner of the luci screen. This brings up the page, which displays the existing users.
To add a user to the luci interface, click on and enter the name of the user to add. You can then set permissions for that user, although you will still need to set up a password for that user.
To delete users from the luci interface, resetting any permissions you have configured for that user, select the user or users and click on .
To set or change permissions for a user, select the user from the dropdown menu under
. This allows you to set the following permissions:
- Grants the user the same permissions as the root user, with full permissions on all clusters and the ability to set or remove permissions on all other users except root, whose permissions cannot be restricted.
- Allows the user to create new clusters, as described in Section 4.4, “Creating a Cluster”.
- Allows the user to add an existing cluster to the luci interface, as described in Section 5.1, “Adding an Existing Cluster to the luci Interface”.
For each cluster that has been created or imported to luci, you can set the following permissions for the indicated user:
- Allows the user to view the specified cluster.
- Allows the user to modify the configuration for the specified cluster, with the exception of adding and removing cluster nodes.
- Allows the user to manage high-availability services, as described in Section 5.5, “Managing High-Availability Services”.
- Allows the user to manage the individual nodes of a cluster, as described in Section 5.3, “Managing Cluster Nodes”.
- Allows the user to add and delete nodes from a cluster, as described in Section 4.4, “Creating a Cluster”.
- Allows the user to remove a cluster from the luci interface, as described in Section 5.4, “Starting, Stopping, Restarting, and Deleting Clusters”.
Click
for the permissions to take affect, or click to return to the initial values.