All users:
$ getent passwd
All groups:
$ getent group
All groups with a specific user:
$ getent group | grep username
Answer from EEAA on serverfault.comChecking IOMMU Groups in a Live instance of Linux...
Alright--so, I made some progress on my own:
I tried booting Antergos Live, and it allowed me to make command line arguments. It was hanging trying to boot into live on its own and some googling suggested I try the argument modprobe.blacklist=nouveau. After that, I could get into Antergos and it seemed like most of my hardware was working fine in the desktop environment. (Bluetooth wasn't. RIP)
So, I rebooted again and added the arguments intel_iommu=on and iommu=pt. I continued following the guide and got the following info on my IOMMU groups:
[antergos@ant-18.6 ~]$ dmesg | grep -e DMAR -e IOMMU
[ 0.000000] ACPI: DMAR 0x000000003A53D658 0000A8 (v01 INTEL SKL 00000001 INTL 00000001)
[ 0.000000] DMAR: IOMMU enabled
[ 0.003333] DMAR: Host address width 39
[ 0.003333] DMAR: DRHD base: 0x000000fed90000 flags: 0x0
[ 0.003333] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 1c0000c40660462 ecap 7e3ff0505e
[ 0.003333] DMAR: DRHD base: 0x000000fed91000 flags: 0x1
[ 0.003333] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap d2008c40660462 ecap f050da
[ 0.003333] DMAR: RMRR base: 0x0000003a26e000 end: 0x0000003a28dfff
[ 0.003333] DMAR: RMRR base: 0x0000003b800000 end: 0x0000003fffffff
[ 0.003333] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1
[ 0.003333] DMAR-IR: HPET id 0 under DRHD base 0xfed91000
[ 0.003333] DMAR-IR: x2apic is disabled because BIOS sets x2apic opt out bit.
[ 0.003333] DMAR-IR: Use 'intremap=no_x2apic_optout' to override the BIOS setting.
[ 0.003333] DMAR-IR: Enabled IRQ remapping in xapic mode
[ 2.749309] DMAR: No ATSR found
[ 2.749346] DMAR: dmar0: Using Queued invalidation
[ 2.749349] DMAR: dmar1: Using Queued invalidation
[ 2.749496] DMAR: Hardware identity mapping for device 0000:00:00.0
[ 2.749497] DMAR: Hardware identity mapping for device 0000:00:01.0
[ 2.749501] DMAR: Hardware identity mapping for device 0000:00:02.0
[ 2.749503] DMAR: Hardware identity mapping for device 0000:00:14.0
[ 2.749504] DMAR: Hardware identity mapping for device 0000:00:14.2
[ 2.749505] DMAR: Hardware identity mapping for device 0000:00:16.0
[ 2.749506] DMAR: Hardware identity mapping for device 0000:00:17.0
[ 2.749507] DMAR: Hardware identity mapping for device 0000:00:1c.0
[ 2.749508] DMAR: Hardware identity mapping for device 0000:00:1c.4
[ 2.749509] DMAR: Hardware identity mapping for device 0000:00:1d.0
[ 2.749510] DMAR: Hardware identity mapping for device 0000:00:1d.5
[ 2.749512] DMAR: Hardware identity mapping for device 0000:00:1d.6
[ 2.749513] DMAR: Hardware identity mapping for device 0000:00:1f.0
[ 2.749514] DMAR: Hardware identity mapping for device 0000:00:1f.2
[ 2.749515] DMAR: Hardware identity mapping for device 0000:00:1f.3
[ 2.749516] DMAR: Hardware identity mapping for device 0000:00:1f.4
[ 2.749518] DMAR: Hardware identity mapping for device 0000:01:00.0
[ 2.749521] DMAR: Hardware identity mapping for device 0000:3c:00.0
[ 2.749524] DMAR: Hardware identity mapping for device 0000:3d:00.0
[ 2.749527] DMAR: Hardware identity mapping for device 0000:3e:00.0
[ 2.749527] DMAR: Setting RMRR:
[ 2.749528] DMAR: Ignoring identity map for HW passthrough device 0000:00:02.0 [0x3b800000 - 0x3fffffff]
[ 2.749529] DMAR: Ignoring identity map for HW passthrough device 0000:00:14.0 [0x3a26e000 - 0x3a28dfff]
[ 2.749531] DMAR: Prepare 0-16MiB unity mapping for LPC
[ 2.749531] DMAR: Ignoring identity map for HW passthrough device 0000:00:1f.0 [0x0 - 0xffffff]
[ 2.749549] DMAR: Intel(R) Virtualization Technology for Directed I/O
[antergos@ant-18.6 ~]$ #!/bin/bash/
[antergos@ant-18.6 ~]$ shopt -s nullglob
[antergos@ant-18.6 ~]$ for d in /sys/kernel/iommu_groups/*/devices/*; do
> n=${d#*/iommu_groups/*/devices/*}; n=${n%%/*}
> printf 'IOMMU Group %s ' "$n"
> lspci -nns "${d##*/}"
> done;
IOMMU Group 0000:00:00.0 00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Host Bridge/DRAM Registers [8086:1910] (rev 07)
IOMMU Group 0000:00:1d.6 00:1d.6 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #15 [8086:a11e] (rev f1)
IOMMU Group 0000:00:1f.0 00:1f.0 ISA bridge [0601]: Intel Corporation Sunrise Point-H LPC Controller [8086:a14e] (rev 31)
IOMMU Group 0000:00:1f.2 00:1f.2 Memory controller [0580]: Intel Corporation Sunrise Point-H PMC [8086:a121] (rev 31)
IOMMU Group 0000:00:1f.3 00:1f.3 Audio device [0403]: Intel Corporation Sunrise Point-H HD Audio [8086:a170] (rev 31)
IOMMU Group 0000:00:1f.4 00:1f.4 SMBus [0c05]: Intel Corporation Sunrise Point-H SMBus [8086:a123] (rev 31)
IOMMU Group 0000:3c:00.0 3c:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd NVMe SSD Controller SM961/PM961 [144d:a804]
IOMMU Group 0000:3d:00.0 3d:00.0 Ethernet controller [0200]: Qualcomm Atheros Killer E2400 Gigabit Ethernet Controller [1969:e0a1] (rev 10)
IOMMU Group 0000:3e:00.0 3e:00.0 Network controller [0280]: Intel Corporation Wireless 8265 / 8275 [8086:24fd] (rev 78)
IOMMU Group 0000:00:01.0 00:01.0 PCI bridge [0604]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) [8086:1901] (rev 07)
IOMMU Group 0000:01:00.0 01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP106M [GeForce GTX 1060 Mobile 3GB] [10de:1c20] (rev a1)
IOMMU Group 0000:00:02.0 00:02.0 VGA compatible controller [0300]: Intel Corporation HD Graphics 530 [8086:191b] (rev 06)
IOMMU Group 0000:00:14.0 00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-H USB 3.0 xHCI Controller [8086:a12f] (rev 31)
IOMMU Group 0000:00:14.2 00:14.2 Signal processing controller [1180]: Intel Corporation Sunrise Point-H Thermal subsystem [8086:a131] (rev 31)
IOMMU Group 0000:00:16.0 00:16.0 Communication controller [0780]: Intel Corporation Sunrise Point-H CSME HECI #1 [8086:a13a] (rev 31)
IOMMU Group 0000:00:17.0 00:17.0 SATA controller [0106]: Intel Corporation Sunrise Point-H SATA Controller [AHCI mode] [8086:a103] (rev 31)
IOMMU Group 0000:00:1c.0 00:1c.0 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #1 [8086:a110] (rev f1)
IOMMU Group 0000:00:1c.4 00:1c.4 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #5 [8086:a114] (rev f1)
IOMMU Group 0000:00:1d.0 00:1d.0 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #9 [8086:a118] (rev f1)
IOMMU Group 0000:00:1d.5 00:1d.5 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #14 [8086:a11d] (rev f1) More on reddit.com Crontab and group washing
Sudoing into Root.
If I'm understanding your requirement correctly then :
-
Add an account that is able to log into your machine (user1) into CyberArk.
-
Add the root account into CyberArk for target machine, into CyberArk.
-
Associate the "user1" account as the logon account for "root" (you can associate logon accounts in the detailed account view).
When someone someone clicks connect on the root account, it will first connect to user1, and then issue an sudo root command automatically.
More on reddit.comIOMMU groups not displaying.
You need to both enable the IOMMU kernel module, and enable VT-d/AMD-Vi in your host UEFI settings, e.g.:
https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF#Setting_up_IOMMU
More on reddit.comHow do I add a user to a group?
How do I check what group a file belongs to?
Where are group definitions stored?
Videos
All users:
$ getent passwd
All groups:
$ getent group
All groups with a specific user:
$ getent group | grep username
List users and their groups:
for user in $(awk -F: '{print $1}' /etc/passwd); do groups $user; done
List groups and their users:
cat /etc/group | awk -F: '{print
3, $4}' | while read group gid members; do
members=$members,
4 == $gid {print \",\" \$1}" /etc/passwd);
echo "$group: $members" | sed 's/,,*/ /g';
done