On 2015-03-06 Kevin McGregor wrote:
Augh. Sorry for the lame-ass question. Forget what I said. Anyway:
<command I run as root> | ssh <dest-host> "command I need to run as root"
I can set up the SSH keys so this works without passwords, but I only understand how to make that work when 'root' is an account and not a "role". So I guess I should look into how to run commands with a specific user account which can run the zfs command and set up the SSH keys so it works without requiring a password.
1. Setup sudo(ers) (I'm sure Solaris has an equivalent?) for the "command I need to run as root" on <dest-host> so that the normal user can run said command as root without root creds or pw's at all.
or
2. Allow root login in ssh and lock down that box's firewall (if it has one) to only allow ssh from trusted IPs. If you want to make that policy leap, and are allowed to. (Sure, it's not perfect.) I never understood, really, why people don't like ssh allow-root, because a determined hacker who got your user creds can just plant a logger and capture your root creds when you first su into root anyhow, or just get your root creds the same way they got your user creds. And root escalation vulns are the most common thing around. So all you do is slow them down a bit, which is a good thing mind you, but root ssh is *so* handy to have... but I digress.
Again, I have no idea about Solaris "roles" and how it helps/hinders you. Perhaps you could give a brief explanation of Solaris roles? If for nothing more than my curiosity.
Sorry if the linux-ish of my answers is unhelpful for Solaris. I tried, so you're not left with nothing but crickets.