Sun Identity Manager 8.1 Resources Reference

Required Administrative Privileges

Managing users and groups requires that the administrator be root or a member of the security group.

The adapter supports logging in as a standard user, then performing a su command to switch to root (or a root-equivalent account) to perform administrative activities. Direct logins as the root user are also supported.

The adapter also supports the sudo facility (version 1.6.6 or later), which can be installed on AIX from the AIX Toolbox. The sudo facility allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user.

In addition, if sudo is enabled for a resource, its settings will override those configured on the resource definition page for the root user and admin user.

If you are using sudo, you must set the tty_tickets parameter to true for the commands enabled for the Identity Manager administrator. Refer to the man page for the sudoers file for more information.

The administrator must be granted privileges to run the following commands with sudo:

User, Group, and Security Commands

  • chgroup
  • chgrpmem
  • chsec
  • chuser
  • lsgroup
  • lssec
  • lsuser
  • mkgroup
  • mkuser
  • rmgroup
  • rmuser
  • passwd
  • pwdadm

NIS Commands

  • make
  • ypcat
  • ypmatch
  • yppasswd

Miscellaneous Commands

  • awk
  • cat
  • cd
  • chmod
  • chown
  • cp
  • cut
  • diff
  • echo
  • grep
  • ls
  • mv
  • rm
  • sed
  • sleep
  • sort
  • tail
  • touch

You can use a test connection to test whether

Note –

A test connection can use different command options than a normal provision run.

The adapter provides basic sudo initialization and reset functionality. However, if a resource action is defined and contains a command that requires sudo authorization, then you must specify the sudo command along with the UNIX command. (For example, you must specify sudo useradd instead of just useradd.) Commands requiring sudo must be registered on the native resource. Use visudo to register these commands.
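One way to audit the sudo requirements above before pointing the adapter at a host: the script below is an added example, not part of the Identity Manager documentation or product, and it checks sudoers text for the tty_tickets setting and for a grant covering each command in the list. The account name idmadmin, the command paths in the sample, and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit sudoers text against this page's command list.
# It only reads text on stdin; it never invokes sudo or edits sudoers.

REQUIRED_CMDS="chgroup chgrpmem chsec chuser lsgroup lssec lsuser mkgroup mkuser
rmgroup rmuser passwd pwdadm make ypcat ypmatch yppasswd awk cat cd chmod chown
cp cut diff echo grep ls mv rm sed sleep sort tail touch"

# Print the basename of every absolute path granted on stdin.
# Comment and Defaults lines are skipped; command arguments are ignored.
granted_cmds() {
    awk '/^[ \t]*(#|Defaults)/ { next }
         { n = split($0, tok, /[ \t,=]+/)
           for (i = 1; i <= n; i++)
               if (tok[i] ~ /^\//) { sub(/.*\//, "", tok[i]); print tok[i] } }' |
        sort -u
}

# Print each required command that has no matching grant on stdin.
missing_cmds() {
    granted=$(granted_cmds)
    for c in $REQUIRED_CMDS; do
        printf '%s\n' "$granted" | grep -Fqx "$c" || printf '%s\n' "$c"
    done
}

# Succeed only if the last Defaults line naming tty_tickets sets it
# explicitly and without negation, as this page requires.
tty_tickets_on() {
    awk '/^[ \t]*Defaults/ && /tty_tickets/ { on = ($0 !~ /!tty_tickets/) }
         END { exit(on ? 0 : 1) }'
}

# Constructed sample: the account "idmadmin" and every path are assumptions.
SAMPLE='Defaults:idmadmin tty_tickets
Cmnd_Alias IDM_USER = /usr/bin/chuser, /usr/bin/mkuser, /usr/sbin/lsuser, \
                      /usr/sbin/rmuser, /usr/bin/passwd, /usr/bin/pwdadm
idmadmin ALL = (root) IDM_USER, /usr/bin/awk, /usr/bin/cat, /usr/bin/grep'

if printf '%s\n' "$SAMPLE" | tty_tickets_on; then
    echo "tty_tickets: set"
else
    echo "tty_tickets: NOT set"
fi
echo "not granted:" $(printf '%s\n' "$SAMPLE" | missing_cmds)
```

The check matches on command basenames only, so a grant of ALL or a directory wildcard is not expanded and shows up as missing.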