Augh. Sorry for the lame-ass question. Forget what I said. Anyway:

So, two Solaris 11.2 systems. On one of them I want to run this in a cron job:

zfs send -RI ${lastsnap} rpool/zones/${zone}@${currsnap} | ssh ${desthost} "zfs recv -o canmount=off -o compression=on -dFuv rpool"

or more generically

<command I run as root> | ssh <dest-host> "command I need to run as root"

I can set up the SSH keys so this works without passwords, but I only understand how to make that work when 'root' is an account and not a "role". So I guess I should look into how to run commands with a specific user account which can run the zfs command and set up the SSH keys so it works without requiring a password.

On Thu, Mar 5, 2015 at 10:43 PM, Trevor Cordes <trevor@tecnopolis.ca> wrote:

On 2015-03-05 Kevin McGregor wrote:
> I'm using Solaris 11.2. I can do this:
>
> logon with an unprivileged account which is allowed to take on the
> 'root' role
> su
> type password
> run privileged command
> end the su
>
> This works fine. The privileged command I want to run, though, is to
> SSH to another system with the same account and run the command
> *there* as the remotely privileged account/role, all from a script
> and without (obviously) having to type a password anywhere.

But your manual process outlined has you typing the password (for su).
If you can't have it be passwordless manually, how can you make it
passwordless when scripted? Give us a manual step-by-step process
first that is passwordless, then we'll worry about scripting it. :-)

Why is ssh privileged on the middle system? Can't just any user ssh to
the final box?

> I've figured out how to do all this IF root is *not* a role and is a
> regular account. How do I do it while leaving root as a role?

Sorry, I can't help with roles, I don't use Solaris.

_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable