Re: Administrative accounts

From: Jim Lane (JLane@TORONTOHYDRO.COM)
Date: Thu Mar 13 2003 - 12:12:15 EST

• Next message: Joel Carmelo Genaro: "Re: Regatta Thoughts..."
• Previous message: Jim Lane: "Re: syslogd daemon stops writing output."
• Maybe in reply to: Shawn Bierman: "Administrative accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I don't remember the syntax right off but you can configure sudo so that
commands
can be executed without a password prompt. if you're unparanoid enough,
that is.

Jim Lane
Sr. Technical Consultant
Network Services
Toronto Hydro
office: (416)-542-2820
cell: (416)-896-8576

>>> BiermanS@METHODISTHEALTH.ORG 12-Mar-03 11:51:43 AM >>>
Is sudo a good substitute for Roles in AIX? The users that will be
using this are those who currently use the root account to get their
jobs done. They are trusted users (myself included) and are our AIX
admins.

If I understand sudo correctly (limited experience with it) a session
goes something like this:
# sudo vi /etc/hosts
password: <enter your own password>
(edit the file)
# vi /etc/hosts (can edit again without using sudo due to a timeout
value that hasn't passed)

Is that correct?

>>> MyersD@GOALAMO.COM 3/11/03 2:58:02 PM >>>
I believe AIX supports the notion of "roles". You can assign various
tasks
to particular users, without giving them root access.

You also may want to investigate sudo.

-----Original Message-----
From: Shawn Bierman [mailto:BiermanS@METHODISTHEALTH.ORG]
Sent: Tuesday, March 11, 2003 3:36 PM
To: aix-l@Princeton.EDU
Subject: Administrative accounts

(resending this, not sure it went out as our smtp server was down.)

Greetings,

Are there any docs floating around that describe groups/roles and/or
UIDs
that you use for setting up administrative accounts? The documentation
in
the AIX library doesn't cover it very in-depth.

I would like to setup accounts that can create users, setup/restart
print
queues and do other various system level task but without granting a
UID of
0 (zero). This would be for an AIX 5.1/5.2 environment.

Does IBM have a doc (or any of you) that describes methods and best
practices for such tasks?

thanks,
-shawn

Shawn L. Bierman
Unix Technical Support Analyst II
Methodist Healthcare
Information Systems
850 Poplar, Building #2
Memphis, TN 38105

• Next message: Joel Carmelo Genaro: "Re: Regatta Thoughts..."
• Previous message: Jim Lane: "Re: syslogd daemon stops writing output."
• Maybe in reply to: Shawn Bierman: "Administrative accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:39 EDT