cancel
Showing results for 
Search instead for 
Did you mean: 

Setting up Sudo to work with NSS

TraceyBunyard
Level 5
Employee

Do you have any more information on how to setup SUDO? I understand that it is a requirement where we want to communicate via SSH to a Unix Master Server, however there is not much information on how to set this up in the NSS documentation.

1 ACCEPTED SOLUTION

Accepted Solutions

TraceyBunyard
Level 5
Employee

As Unix comes in so many flavours and each implementation can have its own local rules we recommend that if you are unfamiliar with Unix/Sudo you consult with your local Unix administrator. 

One way of setting up sudo (mostly about the folders and the 2 Defaults settings) which may assist you is listed below.

Login as su and edit sudoers file

visudo

 Ensure the following line is commented

# Defaults requiretty

Ensure the following line is not commented

Defaults !visiblepw

 Near the bottom of the file (after the 2 commented %wheel lines) add the following

## Grant NetBackup Self Service the ability to run NetBackup commands

%selfservice ALL=NOPASSWD: /usr/openv/netbackup/bin/*,/usr/openv/netbackup/bin/admincmd/*

 Save the changes

Create a Group on the system called selfservice

groupadd selfservice

 Create a user for NetBackup Self Service to use

Add the user to the selfservice group

ensure password does not expire

useradd netbackupselfservice -G selfservice

passwd netbackupselfservice

chage -m 0 netbackupselfservice

View solution in original post

1 REPLY 1

TraceyBunyard
Level 5
Employee

As Unix comes in so many flavours and each implementation can have its own local rules we recommend that if you are unfamiliar with Unix/Sudo you consult with your local Unix administrator. 

One way of setting up sudo (mostly about the folders and the 2 Defaults settings) which may assist you is listed below.

Login as su and edit sudoers file

visudo

 Ensure the following line is commented

# Defaults requiretty

Ensure the following line is not commented

Defaults !visiblepw

 Near the bottom of the file (after the 2 commented %wheel lines) add the following

## Grant NetBackup Self Service the ability to run NetBackup commands

%selfservice ALL=NOPASSWD: /usr/openv/netbackup/bin/*,/usr/openv/netbackup/bin/admincmd/*

 Save the changes

Create a Group on the system called selfservice

groupadd selfservice

 Create a user for NetBackup Self Service to use

Add the user to the selfservice group

ensure password does not expire

useradd netbackupselfservice -G selfservice

passwd netbackupselfservice

chage -m 0 netbackupselfservice