<div dir="ltr">Augh. Sorry for the lame-ass question. Forget what I said. Anyway:<div><br></div><div>So, two Solaris 11.2 systems. On one of them I want to run this in a cron job:</div><div>zfs send -RI ${lastsnap} rpool/zones/${zone}@${currsnap} | ssh ${desthost} "zfs recv -o canmount=off -o compression=on -dFuv rpool"<br></div><div>or more generically</div><div><command I run as root> | ssh <dest-host> "command I need to run as root"</div><div><br></div><div>I can set up the SSH keys so this works without passwords, but I only understand how to make that work when 'root' is an account and not a "role". So I guess I should look into how to run commands with a specific user account which can run the zfs command and set up the SSH keys so it works without requiring a password.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 5, 2015 at 10:43 PM, Trevor Cordes <span dir="ltr"><<a href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2015-03-05 Kevin McGregor wrote:<br>
> I'm using Solaris 11.2. I can do this:<br>
><br>
> logon with an unprivileged account which is allowed to take on the<br>
> 'root' role<br>
> su<br>
> type password<br>
> run privileged command<br>
> end the su<br>
><br>
> This works fine. The privileged command I want to run, though, is to<br>
> SSH to another system with the same account and run the command<br>
> *there* as the remotely privileged account/role, all from a script<br>
> and without (obviously) having to type a password anywhere.<br>
<br>
</span>But your manual process outlined has you typing the password (for su).<br>
If you can't have it be passwordless manually, how can you make it<br>
passwordless when scripted? Give us a manual step-by-step process<br>
first that is passwordless, then we'll worry about scripting it. :-)<br>
<br>
Why is ssh privileged on the middle system? Can't just any user ssh to<br>
the final box?<br>
<span class=""><br>
> I've figured out how to do all this IF root is *not* a role and is a<br>
> regular account. How do I do it while leaving root as a role?<br>
<br>
</span>Sorry, I can't help with roles, I don't use Solaris.<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
</div></div></blockquote></div><br></div>