4.3. Controlling Access to luci
Since the initial release of Red Hat Enterprise Linux 6, the following features have been added to the Users and Permisions page.
- As of Red Hat Enterprise Linux 6.2, the root user or a user who has been granted luci administrator permissions on a system running luci can control access to the various luci components by setting permissions for the individual users on a system.
- As of Red Hat Enterprise Linux 6.3, the root user or a user who has been granted luci administrator permissions can add users to the luci interface and then set the user permissions for that user. You will still need to add that user to the system and set up a password for that user, but this feature allows you to configure permissions for the user before the user has logged in to luci for the first time.
- As of Red Hat Enterprise Linux 6.4, the root user or a user who has been granted luci administrator permissions can also use the luci interface to delete users from the luci interface, which resets any permissions you have configured for that user.
You can modify the way in which luci performs authentication by editing the
/etc/pam.d/lucifile on the system. For information on using Linux-PAM, see the
pam(8) man page.
To add users, delete users, or set the user permissions, log in to luci as
rootor as a user who has previously been granted administrator permissions and click the Admin selection in the upper right corner of the luci screen. This brings up the Users and Permissions page, which displays the existing users.
To add a user to the luci interface, click on Add a User and enter the name of the user to add. You can then set permissions for that user, although you will still need to set up a password for that user.
To delete users from the luci interface, resetting any permissions you have configured for that user, select the user or users and click on Delete Selected.
To set or change permissions for a user, select the user from the dropdown menu under User Permissions. This allows you to set the following permissions:
- Luci Administrator
- Grants the user the same permissions as the root user, with full permissions on all clusters and the ability to set or remove permissions on all other users except root, whose permissions cannot be restricted.
- Can Create Clusters
- Allows the user to create new clusters, as described in Section 4.4, “Creating a Cluster”.
- Can Import Existing Clusters
- Allows the user to add an existing cluster to the luci interface, as described in Section 5.1, “Adding an Existing Cluster to the luci Interface”.
For each cluster that has been created or imported to luci, you can set the following permissions for the indicated user:
- Can View This Cluster
- Allows the user to view the specified cluster.
- Can Change the Cluster Configuration
- Allows the user to modify the configuration for the specified cluster, with the exception of adding and removing cluster nodes.
- Can Enable, Disable, Relocate, and Migrate Service Groups
- Allows the user to manage high-availability services, as described in Section 5.5, “Managing High-Availability Services”.
- Can Stop, Start, and Reboot Cluster Nodes
- Allows the user to manage the individual nodes of a cluster, as described in Section 5.3, “Managing Cluster Nodes”.
- Can Add and Delete Nodes
- Allows the user to add and delete nodes from a cluster, as described in Section 4.4, “Creating a Cluster”.
- Can Remove This Cluster from Luci
- Allows the user to remove a cluster from the luci interface, as described in Section 5.4, “Starting, Stopping, Restarting, and Deleting Clusters”.
Click Submit for the permissions to take affect, or click Reset to return to the initial values.