• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 887
  • Last Modified:

sudo creating

currently, I am System admin for some solaris servers. but, some of the developers want to have root password in order to install packages.can i create sudo ? how do i create sudo -- and give him pkgadd, pkgrm commands permission ?
0
ramavenkatesa
Asked:
ramavenkatesa
3 Solutions
 
woolmilkporcCommented:
Hi,

get sudo from here -

http://www.sunfreeware.com/indexsparc10.html

Install it and use 'man sudo', 'man sudoers' and 'man visudo' to get familiar with it.

Basically, you have to customize the sudoers file:

Enter 'visudo' (which in turn calls an editor for the sudoers file) and add the following lines:

User_Alias DEVELOPERS=user1,user2,user3
Cmnd_Alias PKG=/usr/bin/pkgadd,/usr/bin/pkgrm

DEVELOPERS  ALL=NOPASSWD:PKG

That's all. Replace user1,user2,user3 with the actual userids of your developers.

Remember that the actul command invocation is done by e.g.

sudo pkgadd ...

Good luck!

Cheers

wmp




0
 
Brian UtterbackPrinciple Software EngineerCommented:
Of course, the right way to do this in Solaris is using RBAC and roles. Just add the "Software Installation" role to
that user, and after that he can run pkgadd and pkgrm using pfexec.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
arthurjbCommented:
I disagree with blu, ...  sudo is the right tool for this job, and is easy to configure.

although sunfreeware is a good resource, I also like blastwave;
http://www.blastwave.org

unlike sunfreeware, the blastwave packages automatically identify any dependencies and loads them.

I find that it is faster and easier than sunfreeware for many common programs.

Either site is better than compiling from the sources, especially if you have a machine that does not have the compilers loaded.

Good Luck !
0
 
Brian UtterbackPrinciple Software EngineerCommented:
The right tool? Please. Giving a user the ability to do a limited set commands to accomplish a set of tasks without
allowing them to do anything else is what RBAC was invented for. And installation of packages is the poster child
of that ability. Plus it is pre-installed and pre-configured for exactly this purpose.

Add a line like this to the end of the /etc/user_attr file:

username::::profiles=Software Installation

That is, for my username, "blu", it would look like:

blu::::profiles=Software Installation

Remember, no quotes around Software Installation, even though there is a space.

That's all there is to it. The next time the user logs in, he can run any of the software install commands by
preceding them with "pfexec":

pfexec pkgadd ...

I alias pf to pfexec to make it even easier. So, in what way is sudo the better tool?



0
 
arthurjbCommented:
Ah, the beauty of having a group of experts.

I believe that you have over simplified setting up RBAC.

Anyway, I think that sudo does the job well, and is better known among the Sys Admin community.

0
 
Brian UtterbackPrinciple Software EngineerCommented:
Nope, That's all there is to it.

It is true that sudo is better known. If you are looking for a solution that will work in a mixed platform arena, then
sudo is your best bet.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now