Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

sudo creating

Posted on 2009-05-07
7
Medium Priority
?
879 Views
Last Modified: 2013-12-27
currently, I am System admin for some solaris servers. but, some of the developers want to have root password in order to install packages.can i create sudo ? how do i create sudo -- and give him pkgadd, pkgrm commands permission ?
0
Comment
Question by:ramavenkatesa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 668 total points
ID: 24328149
Hi,

get sudo from here -

http://www.sunfreeware.com/indexsparc10.html

Install it and use 'man sudo', 'man sudoers' and 'man visudo' to get familiar with it.

Basically, you have to customize the sudoers file:

Enter 'visudo' (which in turn calls an editor for the sudoers file) and add the following lines:

User_Alias DEVELOPERS=user1,user2,user3
Cmnd_Alias PKG=/usr/bin/pkgadd,/usr/bin/pkgrm

DEVELOPERS  ALL=NOPASSWD:PKG

That's all. Replace user1,user2,user3 with the actual userids of your developers.

Remember that the actul command invocation is done by e.g.

sudo pkgadd ...

Good luck!

Cheers

wmp




0
 
LVL 22

Expert Comment

by:blu
ID: 24328455
Of course, the right way to do this in Solaris is using RBAC and roles. Just add the "Software Installation" role to
that user, and after that he can run pkgadd and pkgrm using pfexec.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 668 total points
ID: 24435718
I disagree with blu, ...  sudo is the right tool for this job, and is easy to configure.

although sunfreeware is a good resource, I also like blastwave;
http://www.blastwave.org

unlike sunfreeware, the blastwave packages automatically identify any dependencies and loads them.

I find that it is faster and easier than sunfreeware for many common programs.

Either site is better than compiling from the sources, especially if you have a machine that does not have the compilers loaded.

Good Luck !
0
 
LVL 22

Assisted Solution

by:blu
blu earned 664 total points
ID: 24440810
The right tool? Please. Giving a user the ability to do a limited set commands to accomplish a set of tasks without
allowing them to do anything else is what RBAC was invented for. And installation of packages is the poster child
of that ability. Plus it is pre-installed and pre-configured for exactly this purpose.

Add a line like this to the end of the /etc/user_attr file:

username::::profiles=Software Installation

That is, for my username, "blu", it would look like:

blu::::profiles=Software Installation

Remember, no quotes around Software Installation, even though there is a space.

That's all there is to it. The next time the user logs in, he can run any of the software install commands by
preceding them with "pfexec":

pfexec pkgadd ...

I alias pf to pfexec to make it even easier. So, in what way is sudo the better tool?



0
 
LVL 14

Expert Comment

by:arthurjb
ID: 24447825
Ah, the beauty of having a group of experts.

I believe that you have over simplified setting up RBAC.

Anyway, I think that sudo does the job well, and is better known among the Sys Admin community.

0
 
LVL 22

Expert Comment

by:blu
ID: 24450758
Nope, That's all there is to it.

It is true that sudo is better known. If you are looking for a solution that will work in a mixed platform arena, then
sudo is your best bet.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question