• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 899
  • Last Modified:

sudo creating

currently, I am System admin for some solaris servers. but, some of the developers want to have root password in order to install packages.can i create sudo ? how do i create sudo -- and give him pkgadd, pkgrm commands permission ?
0
ramavenkatesa
Asked:
ramavenkatesa
3 Solutions
 
woolmilkporcCommented:
Hi,

get sudo from here -

http://www.sunfreeware.com/indexsparc10.html

Install it and use 'man sudo', 'man sudoers' and 'man visudo' to get familiar with it.

Basically, you have to customize the sudoers file:

Enter 'visudo' (which in turn calls an editor for the sudoers file) and add the following lines:

User_Alias DEVELOPERS=user1,user2,user3
Cmnd_Alias PKG=/usr/bin/pkgadd,/usr/bin/pkgrm

DEVELOPERS  ALL=NOPASSWD:PKG

That's all. Replace user1,user2,user3 with the actual userids of your developers.

Remember that the actul command invocation is done by e.g.

sudo pkgadd ...

Good luck!

Cheers

wmp




0
 
Brian UtterbackPrinciple Software EngineerCommented:
Of course, the right way to do this in Solaris is using RBAC and roles. Just add the "Software Installation" role to
that user, and after that he can run pkgadd and pkgrm using pfexec.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
arthurjbCommented:
I disagree with blu, ...  sudo is the right tool for this job, and is easy to configure.

although sunfreeware is a good resource, I also like blastwave;
http://www.blastwave.org

unlike sunfreeware, the blastwave packages automatically identify any dependencies and loads them.

I find that it is faster and easier than sunfreeware for many common programs.

Either site is better than compiling from the sources, especially if you have a machine that does not have the compilers loaded.

Good Luck !
0
 
Brian UtterbackPrinciple Software EngineerCommented:
The right tool? Please. Giving a user the ability to do a limited set commands to accomplish a set of tasks without
allowing them to do anything else is what RBAC was invented for. And installation of packages is the poster child
of that ability. Plus it is pre-installed and pre-configured for exactly this purpose.

Add a line like this to the end of the /etc/user_attr file:

username::::profiles=Software Installation

That is, for my username, "blu", it would look like:

blu::::profiles=Software Installation

Remember, no quotes around Software Installation, even though there is a space.

That's all there is to it. The next time the user logs in, he can run any of the software install commands by
preceding them with "pfexec":

pfexec pkgadd ...

I alias pf to pfexec to make it even easier. So, in what way is sudo the better tool?



0
 
arthurjbCommented:
Ah, the beauty of having a group of experts.

I believe that you have over simplified setting up RBAC.

Anyway, I think that sudo does the job well, and is better known among the Sys Admin community.

0
 
Brian UtterbackPrinciple Software EngineerCommented:
Nope, That's all there is to it.

It is true that sudo is better known. If you are looking for a solution that will work in a mixed platform arena, then
sudo is your best bet.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now