Unsolved
1 Rookie
•
52 Posts
0
24
onefs system viewer access only
Hi,
We have setup RBAC users to have audit admin rights, so they can assist with troubleshooting issues on our powerscale cluster. As some of these support users will have limited Unix skills, is there a way you can prevent them from interacting with the directory structure completely other than such as ls?
Ideally I want it so they can't even create their own files currently they can create their own files if they have permissions, and as there are some directories that are going to be a lot more open ACLs than they should, but that is a lot of work to replace on 1PB of data.....
My main fear is preventing them from accidently typing in rm -rf / on a directory with too lax permissions
We have set them up with audit role which seems to be the most sensible, but I wondered if anyone had come up with a way to lock down the file structure access even further?
DELL-Josh Cr
Moderator
Moderator
•
8.6K Posts
0
December 18th, 2023 14:05
Hi,
Thanks for your question.
Which version of OneFS are you using? I am not aware of anyway to do this but can check depending on which version you are running.
Let us know if you have any additional questions.
storageSysAdmin
1 Rookie
1 Rookie
•
52 Posts
0
December 20th, 2023 15:22
9.5.0.3 Is there perhaps a way it could be restricted with the users shell?
DELL-Josh Cr
Moderator
Moderator
•
8.6K Posts
0
December 20th, 2023 15:49
Yeah I don’t see anything in the CLI. https://dell.to/3RzoHmV Here is the restricted shell guide https://dell.to/47cnNlQ