Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: AIX 5.3 Using sudo to control smit
Operating Systems AIX AIX 5.3 Using sudo to control smit Post 302578234 by gito on Thursday 1st of December 2011 07:06:20 AM
Old 12-01-2011
I do not think it is a good idea,
any time you can press F9 and you will get out to shell with root privileges.
Then whole idea to limit users to few smitty fast-paths does not have sense any more.
This User Gave Thanks to gito For This Post:
tharrieswk
 

10 More Discussions You Might Find Interesting

1. What is on Your Mind?

AIX Smit menu designer. WinSmit

Hi, Please excuse me for posting an "ad" message here. Over the last few months I have created software called WinSmit, with this tool you can create your own AIX smit menus and corresponding message files. We all know the smit or smitty menus that IBM provides to maintain the system, the... (6 Replies)
Discussion started by: mimyrtek
6 Replies

2. AIX

Install sudo on AIX 5.3

I'm trying to install sudo on AIX 5.3. I don't have a compiler on my machine, so I was trying to find a binary. The one found at http://www.bullfreeware.com/listaix52.html that is supposed to work for 5.3 even though it was compiled on 5.2. The issue is I'm new to AIX and could not figure out how... (3 Replies)
Discussion started by: sphericon
3 Replies

3. UNIX for Dummies Questions & Answers

Probably an easy AIX-SMIT question with mkroute

Hi All, I am on a project and logging into about 100 servers one at a time. One of the steps I am performing is setting up a link with smit mkroute. I am using AIX versions 5.2 and 5.3 Does anyone know a quick command line to set DESTINATION ADDRESS, GATEWAY address, Network MASK, and... (5 Replies)
Discussion started by: jeffpas
5 Replies

4. AIX

AIX 5.3 sudo bootinfo

I am trying to understand why I get "0" returned when I run the command sudo bootinfo -r. I know bootinfo isn't really supported in versions higher then AIX 4.2. I also know that instead of bootinfo -r I could use lsattr -El sys0 -a realmem | awk '{print $2}' and produce the same output as ... (1 Reply)
Discussion started by: maverick9576
1 Replies

5. Solaris

SMIT i AIX Sun Solaris ?

i now when i want use the smit in AIX is possible but a ask if you has in sun same job in sun tel me please awating supports (3 Replies)
Discussion started by: Yalmalki
3 Replies

6. Shell Programming and Scripting

Using expect script with AIX's SMIT in cron

My searches turned up nothing relevant, so I apologize if this has already been looked at. I am trying to run an expect script from a Solaris machine, that ssh's into an AIX machine, and interacts with a SMIT created menu system that runs a few backups for me. The expect script runs fine when... (0 Replies)
Discussion started by: Mariognarly
0 Replies

7. UNIX for Dummies Questions & Answers

control permissions for Active Directory users on AIX

Hello, I've configured an user authentication against Active Directory (Windows Server 2008 R2) on AIX V6 with LDAP. It works fine. And here's my problem: How can I control ldap user permissions on the local AIX machine? E.g. an AD user should be able to write all files of local sys... (1 Reply)
Discussion started by: xia777
1 Replies

8. AIX

How do I killed ideal users from AIX 5.3 smit?

Hi, I'm newbee to AIX and would like to setup a process which kills 1 Hr. ideal users from smit. Please advise for making it work. :) Thanks, Sumit (2 Replies)
Discussion started by: sumit30
2 Replies

9. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (1 Reply)
Discussion started by: Daniel Gate
1 Replies

10. AIX

Sudo error on AIX 7.1

Hello, I tried installing sudo on a lab AIX server. It has been successfully installed. but i still see the below errors. />sudo -V Sudo version 1.8.27 Configure options: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --libdir=/opt/freeware/lib --mandir=/opt/freeware/man... (8 Replies)
Discussion started by: System Admin 77
8 Replies

LEARN ABOUT LINUX

sudo_root

sudo_root(8)						      System Manager's Manual						      sudo_root(8)

NAME

       sudo_root - How to run administrative commands

SYNOPSIS

       sudo command

       sudo -i

INTRODUCTION

       By  default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
       the installer will set up sudo to allow the user that is created during install to run all administrative commands.

       This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use  a  graphical
       sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.

       To  run	a  command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
       sudo -i.

ALLOWING OTHER USERS TO RUN SUDO

       By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo,  you
       have to add these users to the group 'admin' by doing one of the following steps:

       * In a shell, do

	   sudo adduser username admin

       * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.

BENEFITS OF USING SUDO

       The benefits of leaving root disabled by default include the following:

       * Users do not have to remember an extra password, which they are likely to forget.

       * The installer is able to ask fewer questions.

       * It  avoids  the  "I  can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
	 which should make you think about the consequences of what you are doing.

       * Sudo adds a log entry of the command(s) run (in /var/log/auth.log).

       * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
	 not know is what the usernames of your other users are.

       * Allows  easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
	 compromising the root account.

       * sudo can be set up with a much more fine-grained security policy.

       * On systems with more than one administrator using sudo avoids sharing a password amongst them.

DOWNSIDES OF USING SUDO

       Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

       * Redirecting the output of commands run with sudo can be confusing at first. For instance consider

	   sudo ls > /root/somefile

	 will not work since it is the shell that tries to write to that file. You can use

	   ls | sudo tee /root/somefile

	 to get the behaviour you want.

       * In a lot of office environments the ONLY local user on a system is root. All other users  are	imported  using  NSS  techniques  such	as
	 nss-ldap.  To	setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
	 leave the system unusable. An extra local user, or an enabled root password is needed here.

GOING BACK TO A TRADITIONAL ROOT ACCOUNT

       This is not recommended!

       To enable the root account (i.e. set a password) use:

	   sudo passwd root

       Afterwards, edit the sudo configuration with sudo visudo and comment out the line

	   %admin  ALL=(ALL) ALL

       to disable sudo access to members of the admin group.

SEE ALSO

       sudo(8), https://wiki.ubuntu.com/RootSudo

								 February 8, 2006						      sudo_root(8)
All times are GMT -4. The time now is 06:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy