Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to give sudo access to the personal id's to that of application id in Solaris 10?
Operating Systems Solaris How to give sudo access to the personal id's to that of application id in Solaris 10? Post 302810789 by muraliinfy04 on Wednesday 22nd of May 2013 02:00:30 PM
Old 05-22-2013
How to give sudo access to the personal id's to that of application id in Solaris 10?
Hi,
I am using solaris 10. Requirement is I need to give sudo access to the normal id's to the application userid.

Example:I have an personal id calle "rzynv5" on the solaris server.I have an application id called "gmdidp".Requirement here is when user logged in as rzynv5 next thing he should be able sudo to the application id.
sudo su gmdidp.

Also, how to configure user activity tracking here on the sudo activities

Advance thanks for your replies.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

sudo: application install question

I need to install an application on my Sun station and need root privleges to do so. I was given sudo privileges and was told to issue the following command. bash-2.03$ sudo init 0 I've read the man pages for init and understand the purpose of that command. My questions are: 1. From the... (2 Replies)
Discussion started by: forbin24
2 Replies

2. UNIX for Dummies Questions & Answers

Possible to give sudo access to subdirectories?

Say I want to give someone access to /example/directory/* where * equals all the sub directories inside of /example/directory I tried doing something like joe DEV1=(ROOT) /example/directory/ But that doesn't seem to want to work. If I give him the full subdirectory... (3 Replies)
Discussion started by: LordJezo
3 Replies

3. UNIX for Dummies Questions & Answers

How do I give Java developers access to Solaris server

I am new to UNIX administration. I have 10 years of Windows admin experience. I need to know how to give java developers the access they need to install and maintain the applications they are writing. In the Windows world I would make them a local admin on a test server but give them limited... (4 Replies)
Discussion started by: gsander
4 Replies

4. UNIX for Advanced & Expert Users

How to give FTP access to a single user

Hi all, How can i give ftp access to single user on solaris9 system? others should not have the ftp access. i know about ftpusers file in /etc/ftpd but still what about if so many new users are created daily? And now for that single user how can we restict him to ftp the files only from... (2 Replies)
Discussion started by: santhoshkumar_d
2 Replies

5. SCO

how to give Telnet access

Hello, I have recently taken over administration of a Sco Unixware server (Version 7.1.4), but have no previous experience with Unix. I now have the following problem: Most computers on the network are unable to Telnet to the Unix server but some PCs with privileged users can, which is... (7 Replies)
Discussion started by: nicke75
7 Replies

6. Shell Programming and Scripting

ONLY SU Sudo access

Hello All, I want to create a script that will do ONLY su to any user on the server with hpadmin login using sudo. Can anyone let me know how can it do it. Regards Ankit (1 Reply)
Discussion started by: ajaincv
1 Replies

7. Solaris

How to give sudo entry in .profile file in Solaris?

Hi all, In Solaris , What entry should I add in my .profile file in home directory so that every time I don't have to give Sudo's full path like /usr/local/bin/sudo as well as /usr/sbin/ping and it will be Great help if you could tell me how to know what should be added. Please Advice.... (2 Replies)
Discussion started by: manalisharmabe
2 Replies

8. Solaris

Sudo access in Solaris

Install the sudo pkg SFWsudo.tar bash#tar -xvf SFWsudo.tar bash#pkgadd -d . SFWsudo path may be /opt/sfw/bin Make entry the user name in sudoer file path of the sudoer file /opt/sfw/etc/sudoers check with the below command as a user (not as a root user) user1$... (1 Reply)
Discussion started by: Narendiran
1 Replies

9. Shell Programming and Scripting

Script to give a user sudo permissions

Can some one please let me know a script which gives the user sudo permissions? Thanks in advance.... (6 Replies)
Discussion started by: Revanth547
6 Replies

LEARN ABOUT CENTOS

sssd-sudo

SSSD-SUDO(5)						   File Formats and Conventions 					      SSSD-SUDO(5)

NAME

       sssd-sudo - Configuring sudo with the SSSD back end

DESCRIPTION

       This manual page describes how to configure sudo(8) to work with sssd(8) and how SSSD caches sudo rules.

CONFIGURING SUDO TO COOPERATE WITH SSSD

       To enable SSSD as a source for sudo rules, add sss to the sudoers entry in nsswitch.conf(5).

       For example, to configure sudo to first lookup rules in the standard sudoers(5) file (which should contain rules that apply to local users)
       and then in SSSD, the nsswitch.conf file should contain the following line:

	   sudoers: files sss

       More information about configuring the sudoers search order from the nsswitch.conf file as well as information about the LDAP schema that
       is used to store sudo rules in the directory can be found in sudoers.ldap(5).

       Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname(1) to your NIS domain name
       (which equals to IPA domain name when using hostgroups).

CONFIGURING SSSD TO FETCH SUDO RULES

       All configuration that is needed on SSSD side is to extend the list of services with "sudo" in [sssd] section of sssd.conf(5). To speed up
       the LDAP lookups, you can also set search base for sudo rules using ldap_sudo_search_base option.

       The following example shows how to configure SSSD to download sudo rules from an LDAP server.

	   [sssd]
	   config_file_version = 2
	   services = nss, pam, sudo
	   domains = EXAMPLE

	   [domain/EXAMPLE]
	   id_provider = ldap
	   sudo_provider = ldap
	   ldap_uri = ldap://example.com
	   ldap_sudo_search_base = ou=sudoers,dc=example,dc=com

       When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured
       to use the compat tree (ou=sudoers,$DC).

THE SUDO RULE CACHING MECHANISM

       The biggest challenge, when developing sudo support in SSSD, was to ensure that running sudo with SSSD as the data source provides the same
       user experience and is as fast as sudo but keeps providing the most current set of rules as possible. To satisfy these requirements, SSSD
       uses three kinds of updates. They are referred to as full refresh, smart refresh and rules refresh.

       The smart refresh periodically downloads rules that are new or were modified after the last update. Its primary goal is to keep the
       database growing by fetching only small increments that do not generate large amounts of network traffic.

       The full refresh simply deletes all sudo rules stored in the cache and replaces them with all rules that are stored on the server. This is
       used to keep the cache consistent by removing every rule which was deleted from the server. However, full refresh may produce a lot of
       traffic and thus it should be run only occasionally depending on the size and stability of the sudo rules.

       The rules refresh ensures that we do not grant the user more permission than defined. It is triggered each time the user runs sudo. Rules
       refresh will find all rules that apply to this user, check their expiration time and redownload them if expired. In the case that any of
       these rules are missing on the server, the SSSD will do an out of band full refresh because more rules (that apply to other users) may have
       been deleted.

       If enabled, SSSD will store only rules that can be applied to this machine. This means rules that contain one of the following values in
       sudoHost attribute:

       o   keyword ALL

       o   wildcard

       o   netgroup (in the form "+netgroup")

       o   hostname or fully qualified domain name of this machine

       o   one of the IP addresses of this machine

       o   one of the IP addresses of the network (in the form "address/mask")

       There are many configuration options that can be used to adjust the behavior. Please refer to "ldap_sudo_*" in sssd-ldap(5) and "sudo_*" in
       sssd.conf(5).

SEE ALSO

       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8),
       sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8).

AUTHORS

       The SSSD upstream - http://fedorahosted.org/sssd

SSSD
								    06/17/2014							      SSSD-SUDO(5)
All times are GMT -4. The time now is 09:12 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy