Regresar
-
Título
How is a functional account configured to leverage sudo on Linux/Unix systems in TPAM 2.5.x? -
Descripción
How is a functional account configured to leverage sudo on Linux/Unix systems in TPAM 2.5.x?
What sudo permissions need to be given to the functional account? -
Resolución
To demonstrate, in this article the functional user id on the target system is called 'funcacct'.
1. Create the functional account (funcacct) and set its password.
2. Log in to the Linux/Unix system and use visudo to edit the /etc/sudoers. Add the below lines for the variant of Linux/Unix:
# AIX systemsDefaults:funcacct !requiretty
funcacct ALL=(root) NOPASSWD: /bin/sedfuncacct ALL=(root) NOPASSWD: /usr/bin/passwdfuncacct ALL=(root) NOPASSWD: /usr/bin/pwdadm
# HP-UX systems
Defaults:funcacct !requirettyfuncacct ALL=(root) NOPASSWD: /bin/grepfuncacct ALL=(root) NOPASSWD: /usr/bin/passwdfuncacct ALL=(root) NOPASSWD: /usr/lbin/modprpw
funcacct ALL=(root) NOPASSWD: /bin/sed # Only required for Account Discovery
# Linux and other Unix systems
Defaults:funcacct !requirettyfuncacct ALL=(root) NOPASSWD: /bin/grepfuncacct ALL=(root) NOPASSWD: /usr/bin/passwdfuncacct ALL=(root) NOPASSWD: /bin/sed # Only required for Account Discovery
3. Log into TPAM and go to the *nux system that are configured to be managed by the functional account (funcacct) created.
On the system’s Details tab in the "Delegation Prefix" enter the full path and location of sudo.
E.g.:/usr/bin/sudo
5. Click “Save Changes”, then click “Test System” and a successful message should appear.