Setting up and using sudo to perform commands on target hosts

In a flexible management environment, you can use sudo to allow a substitute user to perform commands on the target host.

Before you begin

Centralized Installation Manager (CIM) only supports the use of username/password authentication with sudo credentials. The sudo option is supported on AIX, HP-UX, Linux, and Solaris operation systems only. The sudo function is an optional feature in some AIX, HP-UX, Linux, or Solaris installations. Make sure the sudo function is installed in the target hosts. Use of public/private key authentication with sudo is not supported. Target hosts must have ssh installed and configure the /etc/sudoers file to give the permission of the user to switch to the target user. In addition, requiretty should not be specified.

About this task

The sudo command allows you to use your own id to log in to the system, then use the sudo command to change to the common user name and run commands on target hosts. Use the following steps to set up your system to use sudo.

Procedure

  1. Edit the setup file: /etc/sudoers.
    1. Log in as root and run the visudo command.
      1. Disable: Defaults requiretty
      2. Authorize the desired user to run /bin/sh in WebSphere.
      For example:
      ## Comment out requiretty 
      #Defaults      requiretty  
      ## These options allow user user1 to switch to user websphere and run /bin/sh 
      user1   ALL=(websphere)     /bin/sh  
      ## This options allow user fmhwong to switch to root and run /bin/sh 
      user1   ALL=(root)     /bin/sh
  2. You can use sudo when using the administrative console:
    1. When registering a new host:
      1. Log in to the administrative console.
      2. Click Target > New host.
      3. Enter the Hostname.
      4. Enter your username and password.
      5. Select the use sudo option.
      6. Enter the sudo username and/or password
    2. In step 2 of the job submission wizard: If you did not check the save security checkbox when registering the host, you must provide the credential information
      1. Log in to the administrative console. Click Submit.
      2. Select a job type and provide a description, click Next.
      3. In the Target authentication section, enter the username.
      4. Select Password authentication and enter your password.
      5. Select Use sudo.
      6. Enter the sudo username and/or sudo password.
  3. You can use sudo when using the wsadmin commands:
    1. You have three sudo paramaters when using wsadmin commands with CIM. For example:
      AdminTask.registerHost('-host host1 -hostProps [[osType linux][username user1]
      [password ******][sudoUsername websphere][saveSecurity true][useSudo true]]')

Results

Users are able to log in using their user name and password and then use sudo to switch to the common user name to run commands on target hosts.


Icon that indicates the type of topic Task topic



Timestamp icon Last updated: March 5, 2017 23:55
File name: tagt_jobmgr_setup_sudo.html