Adding sudo Users

This section describes how new OS users can perform priviledged operations through the configuration of the “sudo” capability.

The “sudo” configuration supports very granular authorization to an individual OS user for certain desired commands.

Perform the following procedure for the admusr to enter a password in order to run the commands using sudo access:

1. Log in as admusr on the source server.

   login: admusr
   Password: <current admin user password>

2. Run the following command to check out the plat.admusr.sudo file:

   $ sudo rcstool co /usr/TKLC/plat/etc/sudoers.d/plat.admusr.sudo

3. Run the following command to suppress the NOPASSWD line:

   $ sudo sed -i '/^%admgrp ALL = NOPASSWD: ALL$/ s/^/#/' \
   /usr/TKLC/plat/etc/sudoers.d/plat.admusr.sudo
   

4. Run the following command to check in the plat.admusr.sudo file:

   $ sudo rcstool ci /usr/TKLC/plat/etc/sudoers.d/plat.admusr.sudo “require password”

After making this change, all uses of sudo by the admusr require the admusr password to be entered. Existing documentation does not and will not indicate this.

The sudo configuration file is constructed from piece parts; the syntax is complex, and editing mistakes could leave a system without the required access. For this reason, details of the configuration rules are available through Oracle Help Center (OHC) or by opening a ticket with Oracle technical support.