
3.3. Setting User Permissions


By default, the root user and any user who is a member of the group haclient have full read/write access to the cluster configuration. As of Red Hat Enterprise Linux 6.6, you can use the pcs acl command to set permissions for local users, allowing read-only or read-write access to the cluster configuration by using access control lists (ACLs).
Setting permissions for local users is a two-step process:
  1. Execute the pcs acl role create... command to create a role which defines the permissions for that role.
  2. Assign the role you created to a user with the pcs acl user create command.
The following example procedure provides read-only access for a cluster configuration to a local user named rouser.
  1. This procedure requires that the user rouser exists on the local system and that the user rouser is a member of the group haclient.
    # adduser rouser
    # usermod -a -G haclient rouser
  2. Enable Pacemaker ACLs with the enable-acl cluster property.
    # pcs property set enable-acl=true --force 
  3. Create a role named read-only with read-only permissions for the cib.
    # pcs acl role create read-only description="Read access to cluster" read xpath /cib
  4. Create the user rouser in the pcs ACL system and assign that user the read-only role.
    # pcs acl user create rouser read-only
  5. View the current ACLs.
    # pcs acl
    User: rouser
      Roles: read-only
    Role: read-only
      Description: Read access to cluster
      Permission: read xpath /cib (read-only-read)
    
The following example procedure provides write access for a cluster configuration to a local user named wuser.
  1. This procedure requires that the user wuser exists on the local system and that the user wuser is a member of the group haclient.
    # adduser wuser
    # usermod -a -G haclient wuser
  2. Enable Pacemaker ACLs with the enable-acl cluster property.
    # pcs property set enable-acl=true --force 
  3. Create a role named write-access with write permissions for the cib.
    # pcs acl role create write-access description="Full access" write xpath /cib
  4. Create the user wuser in the pcs ACL system and assign that user the write-access role.
    # pcs acl user create wuser write-access
  5. View the current ACLs.
    # pcs acl
    User: rouser
      Roles: read-only
    User: wuser
      Roles: write-access
    Role: read-only
      Description: Read access to cluster
      Permission: read xpath /cib (read-only-read)
    Role: write-access
      Description: Full Access
      Permission: write xpath /cib (write-access-write)
    
For further information about cluster ACLs, see the help screen for the pcs acl command.
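The following shell function is an added example, not part of the Red Hat documentation: it audits pcs acl output in the layout shown in step 5 above and lists the users whose roles carry a write permission. The names acl_writers and sample_acl are hypothetical, the sample input is constructed from the output above, and role names on a Roles: line are assumed to be space-separated.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation.
# acl_writers (hypothetical name): read `pcs acl` output on stdin and print
# each user that holds at least one role with a write permission.
acl_writers() {
    awk '
        # Any non-indented line starts a new block, so forget the old one.
        /^[^ \t]/ { user = ""; role = "" }
        $1 == "User:" { user = $2; next }
        $1 == "Role:" { role = $2; next }
        # Assumption: several roles appear space-separated on one line.
        $1 == "Roles:" && user != "" {
            for (i = 2; i <= NF; i++) roles[user] = roles[user] " " $i
            order[++n] = user
            next
        }
        # e.g. "Permission: write xpath /cib (write-access-write)"
        $1 == "Permission:" && role != "" && $2 == "write" { writes[role] = 1 }
        END {
            for (k = 1; k <= n; k++) {
                m = split(roles[order[k]], r, " ")
                for (j = 1; j <= m; j++)
                    if (r[j] in writes) { print order[k]; break }
            }
        }
    '
}

# sample_acl (hypothetical name): constructed sample in the step 5 layout.
sample_acl() {
    cat <<'EOF'
User: rouser
  Roles: read-only
User: wuser
  Roles: write-access
Role: read-only
  Description: Read access to cluster
  Permission: read xpath /cib (read-only-read)
Role: write-access
  Description: Full access
  Permission: write xpath /cib (write-access-write)
EOF
}

# On a cluster node: pcs acl | acl_writers
sample_acl | acl_writers
```

Because every haclient member has full access until enable-acl is set, comparing this list against the accounts expected to change the cluster configuration is a quick check that the ACLs took effect as intended.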