Hi all, I'm a bit new to Solaris 10 (I've been working on Red Hat) and can't seem to get sudo working on Solaris 10 :D
I've installed the packages below with the pkgadd command:
gcc-4.7.2-sol10-x86-local
libiconv-1.14-sol10-x86-local
libintl-3.4.0-sol10-x86-local
sudo-1.8.13-sol10-x86-local
zlib-1.2.8-sol10-x86-local
I wrote the script below to add the user and edit the sudoers file so that the ccsadmin user can execute the commands listed.
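#!/bin/bash
#
# Provision the ccsadmin compliance-scanning account:
#   1. create the ccsadmin group and user,
#   2. install the scanners' SSH public keys,
#   3. append the ccsadmin rule to the sudoers file.
#
# Must be run as root. Re-running is safe: an existing group, user, key line
# or sudoers entry is left alone instead of being added a second time.
#
# Exit status: 0 when every step succeeded, 1 on the first failure.

set -u

readonly CCS_USER=ccsadmin
readonly CCS_HOME=/export/home/ccsadmin
readonly SSH_DIR="${CCS_HOME}/.ssh"
readonly AUTH_KEYS="${SSH_DIR}/authorized_keys"
readonly SUDOERS=/usr/local/etc/sudoers
readonly SUDOERS_MARKER='## Adding ccsadmin and relevant command permissions'

# NOTE(review): ssh-dss (DSA) keys are disabled by default in current OpenSSH
# releases; plan to replace these with a stronger key type.
readonly CCS_KEY='ssh-dss 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 CCS dsa-key-20110210'
readonly NCIRCLE_KEY='ssh-dss 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 TripWire nCircle'

# Scratch copy of sudoers; removed on any exit path by the trap below.
candidate=''

#######################################
# Print an error to stderr and abort.
# Arguments: message words
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

cleanup() {
  if [[ -n "$candidate" ]]; then
    rm -f -- "$candidate"
  fi
}
trap cleanup EXIT

#######################################
# Append one public-key line to authorized_keys unless that exact line is
# already there. The comparison is done in the shell, line by line, so the
# key text is never interpreted as a pattern.
# Arguments: $1 - full authorized_keys line
#######################################
add_key() {
  local key=$1
  local line
  while IFS= read -r line; do
    if [[ "$line" == "$key" ]]; then
      return 0
    fi
  done < "$AUTH_KEYS"
  printf '%s\n' "$key" >> "$AUTH_KEYS" || die "cannot write $AUTH_KEYS"
}

#######################################
# Create the group first so the user can be given it as primary group;
# the original order (useradd, then groupadd) left the user in the default
# group.
#######################################
create_account() {
  if ! getent group "$CCS_USER" >/dev/null 2>&1; then
    groupadd "$CCS_USER" || die "groupadd $CCS_USER failed"
  fi
  if ! id "$CCS_USER" >/dev/null 2>&1; then
    useradd -g "$CCS_USER" -d "$CCS_HOME" -m -s /bin/bash \
      -c "CCS user for Compliance Scanning" "$CCS_USER" \
      || die "useradd $CCS_USER failed"
  fi
  # NOTE(review): a newly added Solaris account is locked until a password is
  # set or it is marked no-login (passwd -N); key-based logins may be refused
  # until then. Confirm against the sshd on this host.
}

#######################################
# Create ~/.ssh and authorized_keys with owner-only permissions.
#######################################
install_keys() {
  mkdir -p "$SSH_DIR" || die "cannot create $SSH_DIR"
  touch "$AUTH_KEYS" || die "cannot create $AUTH_KEYS"
  add_key "$CCS_KEY"
  add_key "$NCIRCLE_KEY"
  # Explicit paths instead of a recursive chown: root should not walk a
  # directory tree the account itself can modify.
  chown "${CCS_USER}:${CCS_USER}" "$CCS_HOME" "$SSH_DIR" "$AUTH_KEYS" \
    || die "chown of $CCS_HOME failed"
  chmod 700 "$SSH_DIR" || die "chmod $SSH_DIR failed"
  # 600, not 644: nobody but the owner needs to read the list of trusted keys.
  chmod 600 "$AUTH_KEYS" || die "chmod $AUTH_KEYS failed"
}

#######################################
# Add the ccsadmin rule to sudoers.
#
# The rule is written to a scratch copy, checked with visudo, and only then
# moved over the live file, so a syntax error can never lock sudo out.
#
# Things to know about the rule itself:
#   - The upper-case names (SECURITY, NETWORKING, ... ENVCMDS) are Cmnd_Alias
#     references. Each one must be defined in the target sudoers file ahead
#     of this rule; an undefined alias matches nothing, which also means the
#     negated ones (!SU, !ACTIVEADMCMDS, !SYSADMCMD) restrict nothing.
#     visudo reports undefined aliases as warnings unless run with -s, so
#     read its output.
#   - Tags apply from where they appear onward: NOEXEC covers only the
#     explicit paths after it, not the aliases before it.
#   - Several listed tools can read any file when run as root, and NOEXEC
#     does not constrain statically linked programs. Treat this rule as a
#     broad grant and review it against what the scanner really needs.
#######################################
install_sudoers_rule() {
  [[ -f "$SUDOERS" ]] || die "$SUDOERS not found"

  # Plain grep with output discarded: /usr/bin/grep on Solaris has no -q.
  if grep "^${SUDOERS_MARKER}\$" "$SUDOERS" >/dev/null 2>&1; then
    echo "ccsadmin entry already present in $SUDOERS, leaving it unchanged"
    return 0
  fi

  command -v visudo >/dev/null 2>&1 \
    || die "visudo not found on PATH; refusing to edit $SUDOERS unchecked"

  cp -p "$SUDOERS" "${SUDOERS}.backup" || die "backup of $SUDOERS failed"

  # Scratch file lives next to sudoers so the final mv is a rename on the
  # same filesystem; cp -p carries over the owner and mode sudo expects.
  candidate=$(mktemp "${SUDOERS}.XXXXXX") || die "mktemp failed"
  cp -p "$SUDOERS" "$candidate" || die "cannot copy $SUDOERS"

  # Quoted delimiter: the text is written literally. The rule must stay on
  # one physical line; a line break inside it would produce a broken entry.
  cat >> "$candidate" <<'EOF' || die "cannot write $candidate"
#######################
## Adding ccsadmin and relevant command permissions
ccsadmin ALL=(ALL) SETENV: NOPASSWD: SECURITY, NETWORKING, SOFTWARE, SERVICES, LOCATE, STORAGE, DELEGATING, PROCESSES, DRIVERS, !SU, !ACTIVEADMCMDS, !SYSADMCMD, ADMINCMD, ENVCMDS, NOEXEC: /usr/bin/find, /usr/bin/uptime, /usr/bin/uname, /usr/sbin/dig, /usr/bin/cat, /usr/sbin/ifconfig, /usr/bin/date, /usr/bin/grep, /usr/bin/who, /usr/bin/ypwhich, /usr/bin/ps, /usr/bin/ls, /usr/bin/who, /usr/bin/id, /usr/bin/strings, /usr/bin/file, /usr/sbin/df, /usr/bin/cksum, /usr/bin/runat, /usr/bin/pkginfo, /usr/sbin/patchadd, /usr/bin/netstat, /usr/bin/rpcinfo, /usr/sbin/sysdef, /usr/sbin/routeadm, /usr/sbin/ndd, /usr/bin/mdb, /usr/bin/egrep, /usr/sbin/eeprom, /usr/bin/ulimit -a, /usr/sbin/pkgchk, /usr/bin/svcs, /usr/bin/ls, /usr/bin/cut
## End of ccsadmin entry
#######################
EOF

  visudo -c -f "$candidate" \
    || die "visudo rejected the new sudoers; $SUDOERS was not changed"

  mv -f "$candidate" "$SUDOERS" || die "cannot install new $SUDOERS"
  candidate=''
}

main() {
  # $EUID rather than `id -u`: /usr/bin/id on Solaris does not accept -u.
  (( EUID == 0 )) || die "this script must be run as root"

  echo "WARNING this script will add user CCSADMIN and Modify permissions to M&R user this server, with predefined passwords, The script will delay for 10secs before it will start to create accounts"
  echo "########################################################################"
  # The warning promises ten seconds to abort with Ctrl-C.
  sleep 10

  echo "Now adding and Modifying Users"
  create_account
  install_keys

  echo "Adjusting CCSADMIN Sudoers file"
  install_sudoers_rule
}

main "$@"
exit 0 # Every step above aborts with status 1 on failure, so reaching here means success.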
This is the Standard Sudoers File
root@tcipidc01 # cat /usr/local/etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
Defaults logfile=/var/log/sudo.log
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
ccsadmin ALL=(ALL) ALL
hillsro ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%sysadmin ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
%sysadmin ALL=(ALL) ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
root@tcipidc01 #
After the script edits the sudoers file, it looks like this:
[root@THC-A-01_NET0 08:48:36 /]#cat /usr/local/etc/sudoers
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!/sbin/reboot !log_output
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /usr/local/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /usr/local/etc/sudoers.d
#######################
## Adding ccsadmin and relevant command permissions
ccsadmin ALL=(ALL) SETENV: NOPASSWD: SECURITY, NETWORKING, SOFTWARE, SERVICES, LOCATE, STORAGE, DELEGATING, PROCESSES, DRIVERS, !SU, !ACTIVEADMCMDS, !SYSADMCMD, ADMINCMD, ENVCMDS, NOEXEC: /usr/bin/find, /usr/bin/uptime, /usr/bin/uname, /usr/sbin/dig, /usr/bin/cat, /usr/sbin/ifconfig, /usr/bin/date, /usr/bin/grep, /usr/bin/who, /usr/bin/ypwhich, /usr/bin/ps, /usr/bin/ls, /usr/bin/who, /usr/bin/id, /usr/bin/strings, /usr/bin/file, /usr/sbin/df, /usr/bin/cksum, /usr/bin/runat, /usr/bin/pkginfo, /usr/sbin/patchadd, /usr/bin/netstat, /usr/bin/rpcinfo, /usr/sbin/sysdef, /usr/sbin/routeadm, /usr/sbin/ndd, /usr/bin/mdb, /usr/bin/egrep, /usr/sbin/eeprom, /usr/bin/ulimit -a, /usr/sbin/pkgchk, /usr/bin/svcs, /usr/bin/ls, /usr/bin/cut
## End of ccsadmin entry
#######################
#######################
## Adding ccsadmin and relevant command permissions
ccsadmin ALL=(ALL) SETENV: NOPASSWD: SECURITY, NETWORKING, SOFTWARE, SERVICES, LOCATE, STORAGE, DELEGATING, PROCESSES, DRIVERS, !SU, !ACTIVEADMCMDS, !SYSADMCMD, ADMINCMD, ENVCMDS, NOEXEC: /usr/bin/find, /usr/bin/uptime, /usr/bin/uname, /usr/sbin/dig, /usr/bin/cat, /usr/sbin/ifconfig, /usr/bin/date, /usr/bin/grep, /usr/bin/who, /usr/bin/ypwhich, /usr/bin/ps, /usr/bin/ls, /usr/bin/who, /usr/bin/id, /usr/bin/strings, /usr/bin/file, /usr/sbin/df, /usr/bin/cksum, /usr/bin/runat, /usr/bin/pkginfo, /usr/sbin/patchadd, /usr/bin/netstat, /usr/bin/rpcinfo, /usr/sbin/sysdef, /usr/sbin/routeadm, /usr/sbin/ndd, /usr/bin/mdb, /usr/bin/egrep, /usr/sbin/eeprom, /usr/bin/ulimit -a, /usr/sbin/pkgchk, /usr/bin/svcs, /usr/bin/ls, /usr/bin/cut
## End of ccsadmin entry
#######################
Please advise on how I can get the ccsadmin user to run the sudo commands.
Thanks