-environment : 9105-42A (POWER10), AIX 7.2 (7200-05-08), LPAR Configuration : VIOS Client
-problem: Currently, multiple commands are configured for sudo (password-free) for one user (username: netadmin) across 12 AIX partitions. However, only the NIM partition still requires a password after setting sudo. (Other AIXes allow password-free execution of sudo xxxx.)
-the setting contents:
Added one line for the user "netadmin" to the "User privilege specification" section of /etc/sudoers, immediately following root ALL=(ALL) ALL (edit using visudo)
##
## User privilege specification
##
root ALL=(ALL) ALL
netadmin ALL=(ALL) NOPASSWD: /HACMP/sbin/logha,/usr/sbin/lsdev,/HACMP/sbin/lssrcha,/HACMP/sbin/moveRG,/usr/sbin/ntpq,/HACMP/sbin/psha,/usr/sbin/shutdown,/HACMP/sbin/snap.sh,/usr/sbin/diag
-Verification Results:
The commands set for sudo execution (e.g. "ntpq") prompt for a password to be entered.
【Log Excerpt】
KNXX2SV1[/]# su - netadmin
$ whoami
netadmin
$
$ export LANG=C
$
$ ntpq -p
ksh: ntpq: cannot execute
$
$ sudo ntpq -p
Password: <==== the point of this issue
$
$ sudo ntpq -p
Password: <----(entered the netadmin's password)
remote refid st t when poll reach delay offset disp
==============================================================================
*KZ854SV001.ad.k 10.16.0.30 6 u 6 64 377 0.99 -0.218 0.17
$
BTW, the result of sudo -l appears to be fine.
$ sudo -l
User netadmin may run the following commands on KNXX2SV1:
(ALL) NOPASSWD: /HACMP/sbin/logha, /usr/sbin/lsdev, /HACMP/sbin/lssrcha, /HACMP/sbin/moveRG, /usr/sbin/ntpq,
/HACMP/sbin/psha, /usr/sbin/shutdown, /HACMP/sbin/snap.sh, /usr/sbin/diag
(ALL) ALL
$
Q. How can I resolve this issue?
Regards,
Sumi Kaneko.
------------------------------
SUMI KANEKO
------------------------------
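A check for the `sudo -l` output shown in the post, added here as an example and not part of the original post: sudoers applies the last entry that matches a command, so the function below reports which listed entry decides whether a command prompts for a password. The names `effective_tag` and `sample_output` are hypothetical, matching is simplified to exact paths and `ALL`, and it assumes `sudo -l` lists entries in sudoers order.

```shell
#!/bin/sh
# effective_tag CMD: reads `sudo -l` output on stdin and prints the password
# requirement of the LAST entry matching CMD (sudoers uses the last match).
# Simplified: exact path or ALL only; a leading NOPASSWD: tag is treated as
# covering the whole entry. No wildcards, arguments or negation.
effective_tag() {
    awk -v cmd="$1" '
    function flush(   n, i, list, c, tag) {
        if (entry == "") return
        sub(/^\([^)]*\)[ \t]*/, "", entry)      # drop the (runas) part
        tag = "PASSWD"                           # sudoers default
        if (entry ~ /^NOPASSWD:/) {
            tag = "NOPASSWD"
            sub(/^NOPASSWD:[ \t]*/, "", entry)
        }
        n = split(entry, list, /,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = list[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == cmd || c == "ALL") result = tag " (entry " idx ")"
        }
        entry = ""
    }
    # A line starting with "(" opens a new entry; other lines continue it.
    /^[ \t]*\(/ { flush(); idx++; entry = $0; sub(/^[ \t]+/, "", entry); next }
    entry != "" { entry = entry " " $0 }
    END { flush(); print (result == "" ? "NONE" : result) }
    '
}

# Sample input: the sudo -l output quoted in the post.
sample_output() {
    cat <<'EOF'
User netadmin may run the following commands on KNXX2SV1:
    (ALL) NOPASSWD: /HACMP/sbin/logha, /usr/sbin/lsdev, /HACMP/sbin/lssrcha, /HACMP/sbin/moveRG, /usr/sbin/ntpq,
        /HACMP/sbin/psha, /usr/sbin/shutdown, /HACMP/sbin/snap.sh, /usr/sbin/diag
    (ALL) ALL
EOF
}

sample_output | effective_tag /usr/sbin/ntpq
```

On a live system the same function can be fed directly with `sudo -l | effective_tag /usr/sbin/ntpq`; a `PASSWD` result pointing at a later entry means that entry, not the NOPASSWD line, governs the command.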