Solved

sudo creating

Posted on 2009-05-07
7
866 Views
Last Modified: 2013-12-27
currently, I am System admin for some solaris servers. but, some of the developers want to have root password in order to install packages.can i create sudo ? how do i create sudo -- and give him pkgadd, pkgrm commands permission ?
0
Comment
Question by:ramavenkatesa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 167 total points
ID: 24328149
Hi,

get sudo from here -

http://www.sunfreeware.com/indexsparc10.html

Install it and use 'man sudo', 'man sudoers' and 'man visudo' to get familiar with it.

Basically, you have to customize the sudoers file:

Enter 'visudo' (which in turn calls an editor for the sudoers file) and add the following lines:

User_Alias DEVELOPERS=user1,user2,user3
Cmnd_Alias PKG=/usr/bin/pkgadd,/usr/bin/pkgrm

DEVELOPERS  ALL=NOPASSWD:PKG

That's all. Replace user1,user2,user3 with the actual userids of your developers.

Remember that the actul command invocation is done by e.g.

sudo pkgadd ...

Good luck!

Cheers

wmp




0
 
LVL 22

Expert Comment

by:blu
ID: 24328455
Of course, the right way to do this in Solaris is using RBAC and roles. Just add the "Software Installation" role to
that user, and after that he can run pkgadd and pkgrm using pfexec.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 167 total points
ID: 24435718
I disagree with blu, ...  sudo is the right tool for this job, and is easy to configure.

although sunfreeware is a good resource, I also like blastwave;
http://www.blastwave.org

unlike sunfreeware, the blastwave packages automatically identify any dependencies and loads them.

I find that it is faster and easier than sunfreeware for many common programs.

Either site is better than compiling from the sources, especially if you have a machine that does not have the compilers loaded.

Good Luck !
0
 
LVL 22

Assisted Solution

by:blu
blu earned 166 total points
ID: 24440810
The right tool? Please. Giving a user the ability to do a limited set commands to accomplish a set of tasks without
allowing them to do anything else is what RBAC was invented for. And installation of packages is the poster child
of that ability. Plus it is pre-installed and pre-configured for exactly this purpose.

Add a line like this to the end of the /etc/user_attr file:

username::::profiles=Software Installation

That is, for my username, "blu", it would look like:

blu::::profiles=Software Installation

Remember, no quotes around Software Installation, even though there is a space.

That's all there is to it. The next time the user logs in, he can run any of the software install commands by
preceding them with "pfexec":

pfexec pkgadd ...

I alias pf to pfexec to make it even easier. So, in what way is sudo the better tool?



0
 
LVL 14

Expert Comment

by:arthurjb
ID: 24447825
Ah, the beauty of having a group of experts.

I believe that you have over simplified setting up RBAC.

Anyway, I think that sudo does the job well, and is better known among the Sys Admin community.

0
 
LVL 22

Expert Comment

by:blu
ID: 24450758
Nope, That's all there is to it.

It is true that sudo is better known. If you are looking for a solution that will work in a mixed platform arena, then
sudo is your best bet.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question