
EXTRA - SUDO

SUDO install:

rpm -Uvh sudo*rpm               <--installing from rpm
visudo                          <--editing /etc/sudoers file

example:

ftpuser         ALL=(ALL)       NOPASSWD: ALL    <--which user, on which host, as which target user (in parentheses), with or without password, which commands can be run

cuteadm         ALL=(ALL)       NOPASSWD: /usr/sbin/iptrace, /usr/bin/startsrc, /usr/bin/stopsrc
(do not make a line too long; put a line break ("\") in if needed, otherwise I had problems)

su - ftpuser
sudo <scriptname>                <--he can run a script as if he were root

-----------------------------

An example /etc/sudoers file:

# User alias specification
User_Alias      SYS_ADMIN=user1,user2,user3
User_Alias      USR_ADMIN=user4
User_Alias      GRP_ADMIN=user4

# Cmnd alias specification
Cmnd_Alias      ALFA01    =     /usr/local/ALFA01/local/bin/alfa01.sh

Cmnd_Alias      MON_CMNDS=/b10/app/mon/bb/bin/1_prog.sh, \
                /b10/app/mon/bb/bin/2_prog.sh, \
                /b10/app/mon/bb/bin/3_prog.sh

Runas_Alias     MON=user5

# User privilege specification
root    ALL=(ALL) ALL

SYS_ADMIN      ALL=NOPASSWD:ALL
USR_ADMIN      ALL= (ALL) NOPASSWD:ALFA01
GRP_ADMIN      ALL= (ALL) NOPASSWD: MON_CMNDS
##
# Override builtin defaults
##
Defaults               syslog=auth
Defaults               logfile=/var/log/sudo.log
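
Added example (not part of the original post): a small audit of sudoers text that joins "\" continuation lines, expands User_Alias and Cmnd_Alias, and lists the users who can run every command without a password. The function names parse_sudoers and passwordless_all are hypothetical, the sample is constructed from the entries shown above, and the parser is a simplification that ignores include directives, Host_Alias/Runas_Alias expansion and tags other than NOPASSWD.

```python
import re

# Constructed sample, modelled on the sudoers entries shown in this post.
SAMPLE = r"""
User_Alias      SYS_ADMIN=user1,user2,user3
User_Alias      USR_ADMIN=user4
Cmnd_Alias      ALFA01    =     /usr/local/ALFA01/local/bin/alfa01.sh
Cmnd_Alias      MON_CMNDS=/b10/app/mon/bb/bin/1_prog.sh, \
                /b10/app/mon/bb/bin/2_prog.sh
root    ALL=(ALL) ALL
SYS_ADMIN      ALL=NOPASSWD:ALL
USR_ADMIN      ALL= (ALL) NOPASSWD:ALFA01
ftpuser        ALL=(ALL)       NOPASSWD: ALL
Defaults       logfile=/var/log/sudo.log
"""

SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(NOPASSWD:)?\s*(.+)$")
ALIAS = re.compile(r"^(User|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")

def parse_sudoers(text):
    """Return (user, host, runas, nopasswd, commands) per user, aliases expanded."""
    text = re.sub(r"\\\n", " ", text)           # join backslash-continued lines
    aliases = {"User": {}, "Cmnd": {}}
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line or line.startswith(("Defaults", "Runas_Alias", "Host_Alias")):
            continue
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)][m.group(2)] = [v.strip() for v in m.group(3).split(",")]
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, host, runas, nopw, cmds = m.groups()
        cmds = [c.strip() for c in cmds.split(",")]
        cmds = [x for c in cmds for x in aliases["Cmnd"].get(c, [c])]
        for user in aliases["User"].get(who, [who]):   # no (runas) means root
            rules.append((user, host, runas or "root", bool(nopw), cmds))
    return rules

def passwordless_all(rules):
    """Users who can run any command without a password."""
    return sorted({u for u, _, _, nopw, cmds in rules if nopw and "ALL" in cmds})

if __name__ == "__main__":
    print(passwordless_all(parse_sudoers(SAMPLE)))
```
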

10 comments:

Anonymous said...

Where can I download the sudo package for AIX 7.1? The file should be in .bff format.

Please advise me ..

Thanks in advance :-)

aix said...

I only know of the rpm fileset, which can be downloaded here: http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/date.html
I would ask IBM support if bff is needed

Anonymous said...

Thanks for your post :-)
I found the latest sudo version on the official sudo site, but I'm confused by the sudo packages ..
http://www.sudo.ws/sudo/download.html
sudo.1.8.6.8.aix53.pam.bff.gz
sudo.1.8.6.8.aix53.lam.bff.gz
I was confused by PAM & LAM.
Which package do we need to install?
Any help would be great :-)

aix said...

I'm not familiar with this PAM and LAM, but probably this will help: http://www.feep.net/PAM/AIX/

Anonymous said...

Thank you very much :-)

Anonymous said...

Which one did you use, PAM or LAM?

subhadip said...

I am having a problem while running a script which requires su -

The command that I need to run is -
echo -e "* ACL_type NFS4\n s:(EVERYONE@): a rwpRWxDaAdcCos\n s:(OWNER@): a rwpRWxDaAdcCos\n s:(GROUP@): a rwpRWxDaAdcCos"|aclput /mount_ACL_233

Now from root, the command runs fine on one of the NFS exports which is connected to the AIX client, but the problem comes when I want to run this command as one particular user -

bash-4.2# su - user_g -c "echo -e "* ACL_type NFS4\n s:(EVERYONE@): a rwpRWxDaAdcCos\n s:(OWNER@): a rwpRWxDaAdcCos\n s:(GROUP@): a rwpRWxDaAdcCos"|aclput /mount_ACL_233"
bash: syntax error near unexpected token `('

user_g is a user who has sufficient ACL rights to change the ACL of the mountpoint there. There is no other error/problem on my side related to the permissions of the user. I am just unable to work out the actual error-free single command line for this.

I have tried it with that user only and it passed. But I want to run the whole command in single line. Can anyone help?

aix said...

Hi, I think the problem is with the placement of the character: ". In the manual of the command 'su', there is an example:

To run the backup command with root user authority and then return to your original shell, enter:
su root "-c /usr/sbin/backup -9 -u"

In this example the " character is starting before the -c parameter. It looks strange, but using it this way works for me.

Unknown said...

Hi, I need to give all root permissions to a normal user in AIX except the shutdown & reboot privilege. Also, they should not change any network configuration. Can you please suggest how I can provide this?
-Thanks
Ajith

Anonymous said...

Hi, when I tried to install the sudo rpm package I got the error below. Kindly suggest.

# oslevel -s
7100-04-02-1614
# rpm -ivh sudo-1.6.9p15-2noldap.aix5.2.ppc.rpm
package sudo-1.6.9p15-2noldap is for a different operating system
#