Sudo (Super User Do) is a very useful program that allows a system administrator to give certain users the ability to run some (or all) commands as root.
The sudo program can be found on the CD-ROM called “AIX Toolbox for Linux Applications” which comes along with AIX 5L CD-ROM sets.
Following the steps below to install and set up the sudo. This installs the sudo program into /opt/freeware/bin/sudo and links it to /usr/bin/sudo, the visudo script into /opt/freeware/sbin/visudo and links to /usr/sbin/visudo, and the manual page into subdirectories of /opt/freeware/man/man8.
• Log in as root
• Insert the CD-ROM into the CD-ROM/DVD drive. If the drive you choose is not /dev/cd0, substitute the correct device name in the mount command.
# mount –v cdrfs –o ro /dev/cd0 /mnt
# mkdir /tmp/readme
# cp /mnt/README* /tmp/readme
• Use the more command to view the release notes.
# more /tmp/readme/README.toolbox
• To install sudo, run the following
# cd /mnt/RPMS/ppc
# rpm –Uhv sudo-1.6.7p5-3.aix5.1.ppc.rpm
#
• sudo is controlled by its configuration file /etc/sudoers. The program has a rich selection of configuration options and you may like to read the man page for sudoers. Here we create a group called admin for users who need to use sudo command.
# mkgroup admin
• The /etc/sudoers file must be edited using the visudo program and not directly in your editor of choice. visudo uses the "vi" editor and this means that you need at least a basic understanding of how to use this editor. Type visudo command to open and edit file /etc/sudoers to enable group admin to use sudo command.
# visudo
Add group admin into the file /etc/sudoers and save the file:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
• Add users hankcen to the group admin to grant access to sudo command.
# groups hankcen
hankcen : system staff
#
# usermod -G staff,admin hankcen
#
# groups hankcen
hankcen : system staff admin
#
• Log in as users hankcen and run sudo su – command with hankcen’s password.
$ sudo –V
$ Sudo version 1.6.7p5
$ sudo su -
Password:
#
# exit
$
• Configure manual page. Log in as hankcen.
$ pwd
/home/hankcen
$ ls -al
total 6
drwxr-xr-x 2 hankcen system 512 Nov 29 19:02 .
drwxr-xr-x 7 bin bin 512 Nov 16 12:29 ..
-rwxr----- 1 hankcen system 305 Nov 29 19:06 .profile
-rw------- 1 hankcen system 834 Nov 29 19:13 .sh_history
-rw------- 1 hankcen system 29 Nov 29 19:06 .vi_history
$ vi .profile
Add environment variable $MANPATH into /home/hankcen/.profile and save it:
…
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:.
export PATH
…
MANPATH=/usr/man:/opt/freeware/man
export MANPATH
…
if [ -s "$MAIL" ] # This is at Shell startup. In normal
then echo "$MAILMSG" # operation, the Shell checks
fi # periodically.
…
Now, log off and log back in, then you can run
$ man sudo
…
$ man visudo
…
$ man sudoers
…
The sudo program can be found on the CD-ROM called “AIX Toolbox for Linux Applications” which comes along with AIX 5L CD-ROM sets.
Following the steps below to install and set up the sudo. This installs the sudo program into /opt/freeware/bin/sudo and links it to /usr/bin/sudo, the visudo script into /opt/freeware/sbin/visudo and links to /usr/sbin/visudo, and the manual page into subdirectories of /opt/freeware/man/man8.
• Log in as root
• Insert the CD-ROM into the CD-ROM/DVD drive. If the drive you choose is not /dev/cd0, substitute the correct device name in the mount command.
# mount –v cdrfs –o ro /dev/cd0 /mnt
# mkdir /tmp/readme
# cp /mnt/README* /tmp/readme
• Use the more command to view the release notes.
# more /tmp/readme/README.toolbox
• To install sudo, run the following
# cd /mnt/RPMS/ppc
# rpm –Uhv sudo-1.6.7p5-3.aix5.1.ppc.rpm
#
• sudo is controlled by its configuration file /etc/sudoers. The program has a rich selection of configuration options and you may like to read the man page for sudoers. Here we create a group called admin for users who need to use sudo command.
# mkgroup admin
• The /etc/sudoers file must be edited using the visudo program and not directly in your editor of choice. visudo uses the "vi" editor and this means that you need at least a basic understanding of how to use this editor. Type visudo command to open and edit file /etc/sudoers to enable group admin to use sudo command.
# visudo
Add group admin into the file /etc/sudoers and save the file:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
• Add users hankcen to the group admin to grant access to sudo command.
# groups hankcen
hankcen : system staff
#
# usermod -G staff,admin hankcen
#
# groups hankcen
hankcen : system staff admin
#
• Log in as users hankcen and run sudo su – command with hankcen’s password.
$ sudo –V
$ Sudo version 1.6.7p5
$ sudo su -
Password:
#
# exit
$
• Configure manual page. Log in as hankcen.
$ pwd
/home/hankcen
$ ls -al
total 6
drwxr-xr-x 2 hankcen system 512 Nov 29 19:02 .
drwxr-xr-x 7 bin bin 512 Nov 16 12:29 ..
-rwxr----- 1 hankcen system 305 Nov 29 19:06 .profile
-rw------- 1 hankcen system 834 Nov 29 19:13 .sh_history
-rw------- 1 hankcen system 29 Nov 29 19:06 .vi_history
$ vi .profile
Add environment variable $MANPATH into /home/hankcen/.profile and save it:
…
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:.
export PATH
…
MANPATH=/usr/man:/opt/freeware/man
export MANPATH
…
if [ -s "$MAIL" ] # This is at Shell startup. In normal
then echo "$MAILMSG" # operation, the Shell checks
fi # periodically.
…
Now, log off and log back in, then you can run
$ man sudo
…
$ man visudo
…
$ man sudoers
…
Comentarios
Publicar un comentario