SUDO in HP UX : A small presentation

Here i am going to give a small presentation about the SUDO.

1.Whats's the need for SUDO?
2.How to install SUDO ?
3.How to Configuring SUDO?
4.Alias in SUDO


1.host_alias
2.user_alias
3.runas_alias
4.command_alias


A.Whats's the need for SUDO :

1.SUDO helps an administrator to protect root passwd and at the same time allowing specific users to execute command as root without supplying root.
2.Users and commands can be defined in sudo configuration file /etc/sudoers.
3.Sudo access can be monitored by /var/adm/sudolog (Default path).


B. Installation of SUDO :

After downloading source code distribution you would need to compile sudo program for a particular machine.

# gunzip sudo-1.6.6.tar.gz
# sudo-1.6.6.tar
# tar xvf sudo-1.6.6.tar

Once you have uncompressed and untarred we may proceed with Installation process.

Step 1 : You need to configure Makefile for your system.

This can be done by running configure command under /usr/local/sudo-1.6.6
#cd /usr/local/sudo-1.6.6
# ./configure
#Configuring Sudo version 1.6.6

Step 2 : Now we are ready with customised Makefile for your system.

We can now compile the sudo program on the system.

#cd /usr/local/sudo-1.6.6

#make

Note: make command is located in /usr/bin/make on most systems

We are now ready with complied file for your system and this file need to be installed before we configure sudo.

#make install


C. Configuring SUDO :

After you install sudo successfully on target system you can start configuring SUDO.

you would find file sudoers under /etc after installation

/etc/sudoers.

This is the file where you specify users and commands for the sudo program.
visudo

you may find 4 major Alias
1.host_alias
2.user_alias
3.runas_alias
4.command_alias


User Alias :
========

User alias is a list that can contain any combination of usernames, UID (with # prefix), system group( with a % prefix), netgroups (+ perfix) and other user user-defined alias.

Eg) This may look like below in sudoers file.

# User alias specification
User_Alias DBSPIUSR = ffwdpm,ffwppm,ffwnpm,ffwfpm,ffwjpm

Runas Alias :
=========

A Runas_Alias can contain any of the same elements as the User_Alias; the only difference is that you use Runas_Alias instead of User_Alias in the configuration. The Runas_Alias allows execution of a command as a user other than root.


Host Alias
=======

A Host_Alias is a list of hostnames, IP addresses, or netgroups (with a "+" prefix). The Host_Alias also supports the NOT operator, "!", to negate an entry. You will need to use the fully qualified DNS name if the hostname command on any machine returns the name of the machine in a fully qualified DNS format. The visudo editor will not catch this "error."

Command Alias
============

A Cmnd_Alias is list of one or more commands specified by a full pathname, not just the filename. You can also specify directories and other aliases to commands

Eg)
# Cmnd alias specification
Cmnd_Alias      WEBSTART=/etc/rc3.d/S91cats.web.server
Cmnd_Alias      WEBSTOP=/etc/rc3.d/K91cats.web.server

Cmnd_Alias      SUORACLE = /bin/su - oracle,\
                                        /bin/su oracle,\
                                        /usr/bin/su - oracle,\
                                        /usr/bin/su oracle

1 comments:

Post a Comment

Blogger Tips and TricksLatest Tips And TricksBlogger Tricks