About Using sudo

UNIX system administrators can use the sudoers configuration to grant specific operating system users the ability to run certain commands as a different user, without requiring a password.

This mechanism helps to limit user privileges while still allowing them to execute well-defined commands that require elevated privileges. The /etc/sudoers file defines which users can run which commands as target users. For details on configuring sudo, run the man sudoers and man sudo commands on your UNIX system.

If you allow a command that creates a file, a malicious user could use it to overwrite critical system files. Similarly, if the command spawns a shell, an attacker might be able to run any arbitrary command as the target user. To mitigate these risks, three TimesTen utilities (ttBulkCp, ttIsql, and ttMigrate) have a restricted mode (-restrict) that limits specific capabilities of the programs.

This example shows the use of -restrict with the TimesTen ttIsql utility (see Use ttIsql with Restrict Mode). In the sudoers file, add the following line to allow scott (an existing user) to run the TimesTen ttIsql utility in restrict mode as the ttadmin user without entering a password:
scott ALL=(ttadmin) NOPASSWD: /TimesTen/instance1/bin/ttIsql -restrict
This allows the scott user to run the following command:
$ sudo -u ttadmin /TimesTen/instance1/bin/ttIsql -restrict
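
A check for the rule shown above, as an added example that is not part of the TimesTen documentation: sudo accepts any arguments when a rule lists none, so a rule that names a TimesTen utility without -restrict lets the user start it unrestricted. The function name audit_tt_sudoers and the users pat and lee are hypothetical, and the parser assumes simple one-line rules with no line continuations or escaped commas.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant ttIsql, ttBulkCp or ttMigrate
# without -restrict as a fixed argument.
# Usage: audit_tt_sudoers [FILE...]   (reads stdin when no file is given)
# Prints "LINE_NUMBER: rule" for every rule that needs attention.
audit_tt_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ || !index($0, "=") { next }
    {
        # Everything after the first "=" is the command specification.
        spec = substr($0, index($0, "=") + 1)
        gsub(/\([^)]*\)/, "", spec)                   # drop Runas lists such as (ttadmin)
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            while (sub(/^[ \t]*[A-Z_]+:/, "", c)) {}  # drop tags such as NOPASSWD:
            m = split(c, w)                           # w[1] = path, w[2..m] = fixed arguments
            if (m == 0) continue
            base = w[1]
            sub(/.*\//, "", base)                     # keep the file name only
            if (base != "ttIsql" && base != "ttBulkCp" && base != "ttMigrate") continue
            ok = 0
            for (j = 2; j <= m; j++) if (w[j] == "-restrict") ok = 1
            # No -restrict in the rule: sudo would permit an unrestricted run.
            if (!ok) { print NR ": " $0; break }
        }
    }' "$@"
}

# Constructed sample rules; only the scott rule comes from the page.
audit_tt_sudoers <<'EOF'
scott ALL=(ttadmin) NOPASSWD: /TimesTen/instance1/bin/ttIsql -restrict
pat ALL=(ttadmin) NOPASSWD: /TimesTen/instance1/bin/ttIsql
lee ALL=(ttadmin) NOPASSWD: /TimesTen/instance1/bin/ttBulkCp -restrict, /TimesTen/instance1/bin/ttMigrate
EOF
```

Run it against a copy of /etc/sudoers and the files under /etc/sudoers.d; each reported line should gain -restrict or be removed.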