Sunday, April 13, 2014

Sudoers File in Isilon - RBAC

 Modify Sudoers File:

Add custom sudoers settings for LDAP groups and users


Main sudoers File: /etc/mcp/templates/sudoers - cannot be modifiable

For creating custom permission settings for LDAP groups,  create new folder  /tmp/sudoers

vi /tmp/sudoers

usr_Alias    HMONITOR=%ldapgroupname
cmd_Alias     ISI_MONITOR = /usr/bin/isi batterysatus*, \
                                                  /usr/bin/isi stat*, \
                                                  /usr/bin/isi status*, \
                                                  /usr/bin/isi_hw_status, \
                                                  /sbin/gmirror status*
HMONITOR ALL=(ALL) NOPASSWD: ISI_MONITOR


cp /tmp/sudoers  /etc/mcp/override


Verify sudoers procedure:   cat /etc/mcp/scripts/sudoers.py

/usr/local/etc/sudoers.d


For Releases after 7.1

Use direct command to edit sudoers file  isi_visudo






No comments:

Post a Comment