Sun Identity Manager 8.1 Resources Reference

Required Administrative Privileges

The adapter supports logging in as a standard user, then performing a su command to switch to root (or root-equivalent account) to perform administrative activities. Direct logins as root user are also supported.

The adapter also supports the sudo facility (version 1.6.6 or later), which can be installed on Solaris 9 from a companion CD. sudo allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user.

In addition, if sudo is enabled for a resource, its settings will override those configured on the resource definition page for the root user.

If you are using sudo, you must set the tty_tickets parameter to true for the commands enabled for the Identity Manager administrator. Refer to the man page for the sudoers file for more information.

The administrator must be granted privileges to run the following commands with sudo:

User and Group Commands

  • chsh
  • groupadd
  • groupdel
  • groupmod
  • last
  • passwd
  • useradd
  • userdel
  • usermod

Miscellaneous Commands

  • awk
  • cat
  • chmod
  • chown
  • cp
  • cut
  • diff
  • echo
  • grep
  • ln
  • ls
  • mv
  • ps
  • rm
  • sed
  • sort
  • tail
  • touch

The adapter does not support NIS commands with sudo, because the yppasswd command requires the root password.

You can use a test connection to test whether

A test connection can use different command options than a typical provision run.

The adapter provides basic sudo initialization and reset functionality. However, if a resource action is defined and contains a command that requires sudo authorization, then you must specify the sudo command along with the UNIX command. (For example, you must specify sudo useradd instead of just useradd.) Commands requiring sudo must be registered on the native resource. Use visudo to register these commands.
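
A pre-flight check for the sudo grant described above, added here as an example and not part of the Sun documentation: it reads `sudo -l` output and reports which of the commands listed on this page are not granted. The account name idmadmin, the command paths and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Added example: confirm a sudo grant covers every command this page lists.

# Command names taken from the two lists on this page.
REQUIRED_CMDS="chsh groupadd groupdel groupmod last passwd useradd userdel usermod
awk cat chmod chown cp cut diff echo grep ln ls mv ps rm sed sort tail touch"

# Constructed sample of `sudo -l` output. The account name and the command
# paths are assumptions; chsh, last and touch are left out on purpose.
SAMPLE_LISTING='User idmadmin may run the following commands on this host:
    (root) /usr/sbin/groupadd, /usr/sbin/groupdel, /usr/sbin/groupmod
    (root) /usr/bin/passwd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod
    (root) /usr/bin/awk, /usr/bin/cat, /usr/bin/chmod, /usr/bin/chown, /usr/bin/cp
    (root) /usr/bin/cut, /usr/bin/diff, /usr/bin/echo, /usr/bin/grep, /usr/bin/ln
    (root) /usr/bin/ls, /usr/bin/mv, /usr/bin/ps, /usr/bin/rm, /usr/bin/sed
    (root) /usr/bin/sort, /usr/bin/tail'

# Reads `sudo -l` style output on stdin, prints one missing command per line,
# and returns non-zero when any required command is not granted.
missing_sudo_cmds() {
    # Split on blanks and commas, then keep the basename of each absolute
    # path. A bare ALL command grant covers everything.
    granted=$(tr ' ,\t' '\n\n\n' | awk '
        $0 == "ALL" { print "ALL" }
        /^\//       { n = split($0, p, "/"); print p[n] }' | sort -u)
    rc=0
    for cmd in $REQUIRED_CMDS; do
        if ! printf '%s\n' "$granted" | grep -qx -e ALL -e "$cmd"; then
            echo "$cmd"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed listing; on a real host: sudo -l | missing_sudo_cmds
printf '%s\n' "$SAMPLE_LISTING" | missing_sudo_cmds || echo "grant is incomplete" >&2
```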