Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

sudo creating

Posted on 2009-05-07
7
852 Views
Last Modified: 2013-12-27
currently, I am System admin for some solaris servers. but, some of the developers want to have root password in order to install packages.can i create sudo ? how do i create sudo -- and give him pkgadd, pkgrm commands permission ?
0
Comment
Question by:ramavenkatesa
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 167 total points
ID: 24328149
Hi,

get sudo from here -

http://www.sunfreeware.com/indexsparc10.html

Install it and use 'man sudo', 'man sudoers' and 'man visudo' to get familiar with it.

Basically, you have to customize the sudoers file:

Enter 'visudo' (which in turn calls an editor for the sudoers file) and add the following lines:

User_Alias DEVELOPERS=user1,user2,user3
Cmnd_Alias PKG=/usr/bin/pkgadd,/usr/bin/pkgrm

DEVELOPERS  ALL=NOPASSWD:PKG

That's all. Replace user1,user2,user3 with the actual userids of your developers.

Remember that the actul command invocation is done by e.g.

sudo pkgadd ...

Good luck!

Cheers

wmp




0
 
LVL 22

Expert Comment

by:blu
ID: 24328455
Of course, the right way to do this in Solaris is using RBAC and roles. Just add the "Software Installation" role to
that user, and after that he can run pkgadd and pkgrm using pfexec.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24332799
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 167 total points
ID: 24435718
I disagree with blu, ...  sudo is the right tool for this job, and is easy to configure.

although sunfreeware is a good resource, I also like blastwave;
http://www.blastwave.org

unlike sunfreeware, the blastwave packages automatically identify any dependencies and loads them.

I find that it is faster and easier than sunfreeware for many common programs.

Either site is better than compiling from the sources, especially if you have a machine that does not have the compilers loaded.

Good Luck !
0
 
LVL 22

Assisted Solution

by:blu
blu earned 166 total points
ID: 24440810
The right tool? Please. Giving a user the ability to do a limited set commands to accomplish a set of tasks without
allowing them to do anything else is what RBAC was invented for. And installation of packages is the poster child
of that ability. Plus it is pre-installed and pre-configured for exactly this purpose.

Add a line like this to the end of the /etc/user_attr file:

username::::profiles=Software Installation

That is, for my username, "blu", it would look like:

blu::::profiles=Software Installation

Remember, no quotes around Software Installation, even though there is a space.

That's all there is to it. The next time the user logs in, he can run any of the software install commands by
preceding them with "pfexec":

pfexec pkgadd ...

I alias pf to pfexec to make it even easier. So, in what way is sudo the better tool?



0
 
LVL 14

Expert Comment

by:arthurjb
ID: 24447825
Ah, the beauty of having a group of experts.

I believe that you have over simplified setting up RBAC.

Anyway, I think that sudo does the job well, and is better known among the Sys Admin community.

0
 
LVL 22

Expert Comment

by:blu
ID: 24450758
Nope, That's all there is to it.

It is true that sudo is better known. If you are looking for a solution that will work in a mixed platform arena, then
sudo is your best bet.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question