aix:aix_sudo
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
aix:aix_sudo [2022/09/26 13:38] manu |
aix:aix_sudo [2023/08/17 01:02] (current) manu |
||
|---|---|---|---|
| Line 266: | Line 266: | ||
| further configuration | further configuration | ||
| - | This configuration is a basic one. It’s better to modify the configuration file /etc/security/ldap/ldap.cfg to better match your environment. | + | This configuration is a basic one. It’s better to modify the configuration file **/etc/security/ldap/ldap.cfg** to better match your environment. |
| Here an example of a more complex configuration: | Here an example of a more complex configuration: | ||
| Line 324: | Line 324: | ||
| sudo configuration | sudo configuration | ||
| - | Since a few months, IBM provides a sudo package with IBM Directory Server ldap + ssl support. The package is named sudo_ids. The minimum version is 1.8.20. | + | Since a few months, IBM provides a sudo package with IBM Directory Server ldap + ssl support. The package is named **sudo_ids**. The minimum version is 1.8.20. |
| If you installed yum on AIX(highly recommended), the installation is really easy: | If you installed yum on AIX(highly recommended), the installation is really easy: | ||
| Line 364: | Line 364: | ||
| You can also check if the sudo binary were built with ldap support by running this command: | You can also check if the sudo binary were built with ldap support by running this command: | ||
| - | <cli> | + | <cli prompt='#'> |
| # sudo -V|grep ldap | # sudo -V|grep ldap | ||
| Configure options: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --mandir=/opt/freeware/share/man --docdir=/opt/freeware/share/doc/sudo_ids-1.8.20p2 --with-logging=syslog --with-aixauth --with-logfac=auth --without-pam --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf | Configure options: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --mandir=/opt/freeware/share/man --docdir=/opt/freeware/share/doc/sudo_ids-1.8.20p2 --with-logging=syslog --with-aixauth --with-logfac=auth --without-pam --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf | ||
| Line 371: | Line 371: | ||
| </cli> | </cli> | ||
| - | It will also give you the place of the ldap configuration file for sudo. Here it’s /etc/sudo-ldap.conf. | + | It will also give you the place of the ldap configuration file for sudo. Here it’s **/etc/sudo-ldap.conf**. |
| This configuration file is pretty simple to understand: | This configuration file is pretty simple to understand: | ||
| Line 394: | Line 394: | ||
| In production, it’s better to store the bind dn password in the /etc/ldap.secret file. | In production, it’s better to store the bind dn password in the /etc/ldap.secret file. | ||
| - | It’s also mandatory to modify the /etc/netsvc.conf file to allow sudo to use LDAP. | + | It’s also mandatory to modify the **/etc/netsvc.conf** file to allow sudo to use LDAP. |
| <cli> | <cli> | ||
| sudoers = files, ldap | sudoers = files, ldap | ||
| </cli> | </cli> | ||
| + | Example of syntax for /etc/sudoers file | ||
| + | %wheel ALL=(ALL) NOPASSWD: ALL | ||
| + | user01 ALL=NOPASSWD:/usr/sbin/lsdev | ||
| + | | ||
aix/aix_sudo.1664192338.txt.gz · Last modified: 2022/09/26 13:38 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
