Softpanorama


Sudo on AIX


An RPM is available from the IBM AIX Toolbox.

To install:

Step 1: Download sudo-1.6.7p5-3.aix5.1.ppc.rpm from the IBM AIX Toolbox and install it with rpm -i sudo-1.6.7p5-3.aix5.1.ppc.rpm

Step 2: Copy /etc/sudoers from NTI2171 to the server, or just uncomment the following line in the file:

%wheel ALL=(ALL) NOPASSWD: ALL

Step 3: Create the wheel group (15) and enroll in it the primary admin (yourself) and the secondary admin for the box.

Step 4: You need to enable syslogd in order for sudo logging to work.

Note:

rpm is the standard way to install programs on Linux and is available on AIX by default. For details see man rpm.



Old News ;-)

[Oct 10, 2008] Install and configure sudo in AIX - Toolbox for IT Knowledge Sharing Communities

sudo is controlled by its configuration file /etc/sudoers. The program has a rich selection of configuration options and you may like to read the man page for sudoers and examine the sample configuration file which you'll find in sample.sudoers in the source code directory.

The instructions below describe how to create an sudoers file which allows any user to run the /dialup and /hangup scripts defined in Configuring PPP on Solaris to connect to an ISP and allows a particular user to run any command as root.

One potential difficulty is that the /etc/sudoers file must be edited using the visudo program and not directly in your editor of choice. visudo uses the "vi" editor and this means that you need at least a basic understanding of how to use this editor. If you aren't already familiar with vi, you'll have to learn it sooner or later so now's a good time to start! But don't worry if you've never used it before - I'll include enough instruction here to enable you to edit the short file created by the installation process and append a couple of lines to it.

To edit /etc/sudoers, make sure you're logged in as root and type:

  # /usr/local/sbin/visudo

This starts the vi editor and displays the initial /etc/sudoers file. vi uses what appear at first sight to be commands that aren't exactly intuitive. If you're not familiar with vi, type the following exactly as it appears and note that commands in vi are case sensitive. So don't type a lower-case "g" when the instructions show an upper-case "G".

Move the cursor to the end of the file by typing an upper-case G:

G

and open a new line just beyond the last line in the file by typing a lower-case o:

o

vi is now in "edit" mode and anything you type is inserted into the file. If you want everyone (all users) to be able to run the /hangup and /dialup scripts, type the following:

ALL ALL=/dialup,/hangup

with a TAB character after the first "ALL". That line tells sudo that all users are allowed to execute the scripts /hangup and /dialup as if they were root.

If you want to give just one user, say jim, the ability to run the scripts, type the following instead:

jim ALL=/dialup,/hangup

You may like to add another line telling sudo that your own personal user is allowed to do anything as root. Press the ENTER key and, if your own personal user is mike, you'd type:

mike ALL=(root) ALL

again with a TAB character after "mike".


Finally, switch vi back into command mode by pressing the ESCAPE key and exit vi by typing:

:wq

followed by ENTER. If you make a mistake at any time, just press the ESCAPE key followed by:

:q!

followed by ENTER and vi will return you to the shell command prompt without making any changes to the file.

6. Using sudo:

sudo is simple to use. To execute a command with root privilege, type:

$ sudo name-of-command

If this is the first time you've used sudo since logging in, sudo will ask for your password. The password required at this point is the user's own password, not the root password. So, if you've logged in as user jane and she wants to start a dialup connection to her ISP, she would type:

$ sudo /dialup

and sudo responds:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

    #1) Respect the privacy of others.
    #2) Think before you type.

Password:

Jane would then type her password and sudo will run the /dialup script for her with root privilege. If further commands are executed using sudo within 5 minutes, it will not ask for a password again.

But if Jane were to try and execute a command without having the necessary permission (as defined in the /etc/sudoers file), sudo will refuse to run it:

$ sudo vi /etc/passwd

Sorry, user jane is not allowed to execute "/usr/bin/vi /etc/passwd" as root on sunbeam.

In this example, sunbeam is the name of the machine.


If you'd prefer not to have to type a password at all, replace the two lines in /etc/sudoers with:

ALL ALL=NOPASSWD: /dialup,/hangup
mike ALL=(root) NOPASSWD: ALL
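Added example (not part of the quoted article): a small Python lint that reads sudoers-style user specifications like the ones above and reports the grants worth a second look, namely rules that apply to every user, allow any command, or skip the password prompt. The function name `audit_sudoers`, the simplified pattern and the sample text are assumptions made for this illustration; `visudo -c` remains the authoritative syntax check.

```python
import re

# Simplified user specification: who host = [(runas)] [TAG: ...] cmd[,cmd...]
# (hypothetical pattern for this example; aliases and continuations are ignored)
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

def audit_sudoers(text):
    """Return (line_no, who, findings) for each rule that deserves review."""
    report = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = SPEC.match(line)
        if m is None:
            # Syntax this simplified pattern cannot read, e.g. a misplaced tag.
            report.append((no, None, ["unparsed, check with visudo -c"]))
            continue
        cmds = [c.strip() for c in m["cmds"].split(",")]
        findings = []
        if m["who"] == "ALL":
            findings.append("applies to every user")
        if "ALL" in cmds:
            findings.append("any command")
        if "NOPASSWD:" in m["tags"].split():
            findings.append("no password prompt")
        if findings:
            report.append((no, m["who"], findings))
    return report

# Constructed sample built from the rules discussed on this page, plus one
# malformed line (tag placed before the host list).
SAMPLE = "\n".join([
    "%wheel ALL=(ALL) NOPASSWD: ALL",
    "ALL\tALL=/dialup,/hangup",
    "jim ALL=/dialup,/hangup",
    "mike ALL=(root) ALL",
    "ALL NOPASSWD: ALL=/dialup,/hangup",
])

if __name__ == "__main__":
    for no, who, findings in audit_sudoers(SAMPLE):
        print(f"line {no}: {who or '?'}: {', '.join(findings)}")
```

Rules that reach every user, such as the /dialup and /hangup grant, also depend on those scripts being owned by root and not writable by anyone else.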

[Sep 19, 2008] trouble with syslog and sudo logs

Please note that for AIX you need to enable syslog first.
John Hines bigjohn_101 at hotmail.com
Wed Jan 23 11:58:35 MST 2002
Hi Todd,

  I made the suggested changes and my sudo logs are no longer going to
/var/log/messages, but they are also not going to /var/log/sudo.log.  This
is the current state of my syslog.conf:

# $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
#
#       Spaces are NOT valid field separators in this file.
#       Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err;local2.none  /var/log/messages
security.*                                      /var/log/security
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
cron.*                                          /var/log/cron
*.err                                           root
*.notice;news.err                               root
*.alert                                         root
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
#*.*                                            /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!startslip
*.*                                             /var/log/slip.log
!ppp
*.*                                             /var/log/ppp.log
# This logs successful and failed sudo attempts to the file /var/log/sudo.log
local2.debug                                    /var/log/sudo.log

Thanks for the help,

John Hines

----- Original Message -----
From: Todd C. Miller <Todd.Miller at courtesan.com>
To: John Hines <bigjohn_101 at hotmail.com>
Cc: <sudo-users at sudo.ws>
Sent: Tuesday, January 22, 2002 9:49 PM
Subject: Re: trouble with syslog and sudo logs


> In message <OE16SN2uhoSQD5Y54Qt00012596 at hotmail.com>
> so spake "John Hines" (bigjohn_101):
>
> > # $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 phk Exp $
> > #
> > #       Spaces are NOT valid field separators in this file.
> > #       Consult the syslog.conf(5) manpage.
> > *.err;kern.debug;auth.notice;mail.crit          /dev/console
> > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> > security.*                                      /var/log/security
> > mail.info                                       /var/log/maillog
> > lpr.info                                        /var/log/lpd-errs
> > cron.*                                          /var/log/cron
> > *.err                                           root
> > *.notice;news.err                               root
> > *.alert                                         root
> > *.emerg                                         *
> > # uncomment this to log all writes to /dev/console to /var/log/console.log
> > #console.info                                   /var/log/console.log
> > # uncomment this to enable logging of all log messages to /var/log/all.log
> > #*.*                                            /var/log/all.log
> > # uncomment this to enable logging to a remote loghost named loghost
> > #*.*                                            @loghost
> > # uncomment these if you're running inn
> > # news.crit                                     /var/log/news/news.crit
> > # news.err                                      /var/log/news/news.err
> > # news.notice                                   /var/log/news/news.notice
> > !startslip
> > *.*                                             /var/log/slip.log
> > !ppp
> > *.*                                             /var/log/ppp.log
> > # This logs successful and failed sudo attempts to the file /var/log/sudo.log
> > local2.debug                                    /var/log/sudo.log
>
> You need to add "local2.none" after the "news.err" in /var/log/messages
> line.  That will keep sudo messages going to /var/log/messages.
>
>  - todd
>
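Added example (not part of the mailing-list thread): a Python model of FreeBSD-style syslog.conf routing that shows where a sudo message lands under the configurations discussed above, and it goes one step beyond the thread by adding a `!*` reset line. Per syslog.conf(5) on FreeBSD, a `!program` line scopes every following rule until the next `!` line and `!*` resets the scope. Assumptions: sudo logs to facility local2 at priority notice, only plain `facility.level` selectors are handled, and the configuration is a reduced, constructed copy of the posted file.

```python
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selector, facility, level):
    """Evaluate 'fac.lvl;fac.lvl;...' left to right; a later field overrides."""
    matched = False
    for field in selector.split(";"):
        facs, _, lvl = field.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "none":
            matched = False
        else:  # 'fac.lvl' selects lvl and anything more severe
            matched = lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl)
    return matched

def destinations(conf, program, facility, level):
    """List the actions that receive a message; '!prog' scopes following rules."""
    scope, dests = "*", []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            scope = line[1:].strip()  # '!*' resets the scope to all programs
            continue
        selector, action = line.split(None, 1)
        if scope in ("*", program) and selector_matches(selector, facility, level):
            dests.append(action)
    return dests

# Constructed sample, reduced from the syslog.conf posted in the thread.
BASE = (
    "*.err;kern.debug;auth.notice;mail.crit\t/dev/console\n"
    "*.notice;kern.debug;lpr.info;mail.crit;news.err{extra}\t/var/log/messages\n"
    "!startslip\n*.*\t/var/log/slip.log\n"
    "!ppp\n*.*\t/var/log/ppp.log\n"
    "{reset}local2.debug\t/var/log/sudo.log\n"
)
ORIGINAL = BASE.format(extra="", reset="")                  # first posting
AFTER_ADVICE = BASE.format(extra=";local2.none", reset="")  # local2.none added
WITH_RESET = BASE.format(extra=";local2.none", reset="!*\n")  # hypothetical

if __name__ == "__main__":
    for name in ("ORIGINAL", "AFTER_ADVICE", "WITH_RESET"):
        print(name, destinations(globals()[name], "sudo", "local2", "notice"))
```

In this model the local2.debug rule sits inside the `!ppp` block, so a message from sudo reaches /var/log/sudo.log only once the scope is reset (or the rule is moved above the first `!` line).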


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Last modified: September 12, 2017