Review your favorite Linux distribution.
Go Back > Forums > Other *NIX Forums > AIX
User Name
AIX This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.


  Search this Thread
Old 10-25-2010, 11:42 PM   #1
Registered: Feb 2009
Location: Goa(India)-Sharjah(UAE)
Distribution: RHEL,centos,fedora,ubuntu
Posts: 229

Rep: Reputation: 18
sudo install

I Have AIX 5.3 installed in my enviroment here, i am new to aix so dont know how this is to be done if someone can help me
i need to install sudo and configure this for a particular user


/usr/bin/crontab -l


/usr/bin/su - *


/usr/bin/ls -la *




!/usr/bin/su - root, !/usr/bin/su root, !/usr/bin/su - ctxsrvr, !/usr/bin/su - ctxssl, !/usr/bin/su - ingres, !/usr/bin/su - ba, !/usr/bin/su - hvr, !/usr/bin/su - rpl_*, !/usr/bin/su - monjami, !/usr/bin/su - oracle, !/usr/bin/su - mtt, !/usr/bin/su - fax, !/usr/bin/su ctxsrvr, !/usr/bin/su ctxssl, !/usr/bin/su ingres, !/usr/bin/su ba, !/usr/bin/su hvr, !/usr/bin/su rpl_*, !/usr/bin/su monjami, !/usr/bin/su oracle, !/usr/bin/su mtt, !/usr/bin/su fax

please help
Old 10-26-2010, 04:23 PM   #2
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,936
Blog Entries: 14

Rep: Reputation: 1160Reputation: 1160Reputation: 1160Reputation: 1160Reputation: 1160Reputation: 1160Reputation: 1160Reputation: 1160Reputation: 1160
Haven't done it on AIX (I have on Linux, HP-UX and Solaris) but typically you'd install sudo then modify the sudoers file using the visudo command.

Basically you setup something like the following in sudoers:
# User Aliases
User_Alias      <UALIASNAME>  = <login1>[,<login2>] [...]
Here you decide what user alias name to give (e.g. you could call it SPECUSER for "special user" or "billybob" just because you like that name. The login ids are the ones that appear in /etc/password. You can have more than one separated by comma. (Note the brackets are not iteral so shouldn't appear in the file.)

# Command Aliases
Cmnd_Alias      <CALIASNAME1> = /usr/bin/su - <userid1>
Cmnd_Alias      <CALIASNAME2> = /usr/bin/su - <userid2>
Cmnd_Alias      LSOF = /usr/bin/lsof
Here again you decide the alias names you want (we typically base these on the user id we want to allow su access to) for example you might put:
"Cmnd_Alias ORACLE = /usr/bin/su - oracle". The 3rd line is how you grant access to the LSOF command. (The aliasname doesn't have to be LSOF - it could be anything you want so long as it is unique within the suders file.)

# Grants
Here you use the user alias you created and add all the command aliases you want logins in that user alias to have access to. (The "ALL" means all machines but unless you've defined other machines in the sudoers file it doesn't actually give access to any other machines.)
So your final grant might look like:

That would give the logins in SPECUSER access to "su - oracle" and "/usr/bin/lsof".

Note that rather than giving "sudo su - *" and excluding all other user IDs you should do the oposite. Give ONLY "sudo su -" to the IDs you want. You can create a Cmnd_Alias for each ID the user should have access to. By doing this you prevent them from gaining access to a new account they shouldn't have access to later. Personally I can't see any reason any user (other than system administrators) should be allowed to sudo to all other users - it should typically be reserved to admin accounts. If you allow this person to sudo to fred's account for example he might do things as fred that would be logged as being done by fred for which fred might get fired. We do have multiple administrative accounts that we allow users to access as shown above but none that allow one "real" user to become another "real" user. Note that there is a security log for sudo so you can tell when they become another user but won't see what they did once they became that user. However, if you really want to do it the way you said you can in fact negate access by doing that on the grant line.

P.S. I thought AIX had some built in tool that granted root access like sudo but accessed via smitty. Haven't used that but have a vague recollection of seeing it mentioned somewhere.

Last edited by MensaWater; 10-26-2010 at 04:27 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 01:36 AM
$sudo apt-get install... how do you know the name? Delpheno Linux - Newbie 9 05-03-2010 12:28 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 07:12 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM
install with sudo cambie Linux - Software 2 12-09-2004 09:48 AM > Forums > Other *NIX Forums > AIX

All times are GMT -5. The time now is 07:47 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration