Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

3.3. Setting User Permissions

By default, the root user and any user who is a member of the group haclient has full read/write access to the cluster configuration. As of Red Hat Enterprise Linux 6.6, you can use the pcs acl command to set permission for local users to allow read-only or read-write access to the cluster configuration by using access control lists (ACLs).
Setting permissions for local users is a two-step process:
  1. Execute the pcs acl role create... command to create a role which defines the permissions for that role.
  2. Assign the role you created to a user with the pcs acl user create command.
The following example procedure provides read-only access for a cluster configuration to a local user named rouser.
  1. This procedure requires that the user rouser exists on the local system and that the user rouser is a member of the group haclient. 
    # adduser rouser
# usermod -a -G haclient rouser
    Copy to Clipboard Toggle word wrap
  2. Enable Pacemaker ACLs with the enable-acl cluster property. 
    # pcs property set enable-acl=true --force
    Copy to Clipboard Toggle word wrap
  3. Create a role named read-only with read-only permissions for the cib. 
    # pcs acl role create read-only description="Read access to cluster" read xpath /cib
    Copy to Clipboard Toggle word wrap
  4. Create the user rouser in the pcs ACL system and assign that user the read-only role. 
    # pcs acl user create rouser read-only
    Copy to Clipboard Toggle word wrap
  5. View the current ACLs. 
    # pcs acl
User: rouser
  Roles: read-only
Role: read-only
  Description: Read access to cluster
  Permission: read xpath /cib (read-only-read)
    Copy to Clipboard Toggle word wrap
The following example procedure provides write access for a cluster configuration to a local user named wuser.
  1. This procedure requires that the user wuser exists on the local system and that the user wuser is a member of the group haclient. 
    # adduser wuser
# usermod -a -G haclient wuser
    Copy to Clipboard Toggle word wrap
  2. Enable Pacemaker ACLs with the enable-acl cluster property. 
    # pcs property set enable-acl=true --force
    Copy to Clipboard Toggle word wrap
  3. Create a role named write-access with write permissions for the cib. 
    # pcs acl role create write-access description="Full access" write xpath /cib
    Copy to Clipboard Toggle word wrap
  4. Create the user wuser in the pcs ACL system and assign that user the write-access role. 
    # pcs acl user create wuser write-access
    Copy to Clipboard Toggle word wrap
  5. View the current ACLs. 
    # pcs acl
User: rouser
  Roles: read-only
User: wuser
  Roles: write-access
Role: read-only
  Description: Read access to cluster
  Permission: read xpath /cib (read-only-read)
Role: write-access
  Description: Full Access
  Permission: write xpath /cib (write-access-write)
    Copy to Clipboard Toggle word wrap
For further information about cluster ACLs, see the help screen for the pcs acl command.
Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red HatTorna in cima