On 2015-03-05 Kevin McGregor wrote:
I'm using Solaris 11.2. I can do this:
logon with an unprivileged account which is allowed to take on the 'root' role su type password run privileged command end the su
This works fine. The privileged command I want to run, though, is to SSH to another system with the same account and run the command *there* as the remotely privileged account/role, all from a script and without (obviously) having to type a password anywhere.
But your manual process outlined has you typing the password (for su). If you can't have it be passwordless manually, how can you make it passwordless when scripted? Give us a manual step-by-step process first that is passwordless, then we'll worry about scripting it. :-)
Why is ssh privileged on the middle system? Can't just any user ssh to the final box?
I've figured out how to do all this IF root is *not* a role and is a regular account. How do I do it while leaving root as a role?
Sorry, I can't help with roles, I don't use Solaris.