AIX Open Source

  • 1.  sudo group issue with AIX system connected to AD

    Posted Tue June 01, 2021 01:06 PM
    My AIX systems are tied to AD.  Recently my application folks are complaining about sudo not working.

    I use groups in sudo so that I can assign commands to my application group.  
    %appgroup ALL = APACHECTL, LSOF, SLIBCLEAN, PROCMAP

    If I do a "sudo -l" I get the error:
    Sorry, user userXXX may not run sudo on hostXXX.

    The group I used is defined in AD as "gidNumber".

    I believe this started with the newer versions of sudo.


    ------------------------------
    Vincenzo Giambalvo
    ------------------------------


  • 2.  RE: sudo group issue with AIX system connected to AD

    Posted Fri June 04, 2021 03:57 AM
    This might be a configuration issue.
    What is the sudo version installed?
    rpm -qi sudo

    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: sudo group issue with AIX system connected to AD

    Posted Wed June 30, 2021 04:22 PM

    FYI - IBM support explained to me that the sudo behavior in the past was incorrect.

    This is what I do for my developers and DBA to access the systems.
    addgroup=209    # local AIX group
    dept-appgroup=209  # Microsoft AD group

    I now put both lines in my sudo file.  (I'm really only using the second line.)
    %appgroup ALL = APACHECTL, LSOF, SLIBCLEAN, PROCMAP
    %dept-appgroup ALL = APACHECTL, LSOF, SLIBCLEAN, PROCMAP

    This way if I have a local defined group or an AD defined group they both can use sudo.

    old version: sudo-1.6.9p15-2noldap.ppc
    new version: sudo-1.9.5p2-1.ppc



    ------------------------------
    Vincenzo Giambalvo
    ------------------------------
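
An added example, not part of the thread or of IBM's guidance: a small shell check that lists the `%group` entries in a sudoers-style file and reports which ones match a user's resolved group names. It assumes sudo compares `%group` entries against group names rather than gids; the function names, the sample rule files and the group list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: sudo compares each %group
# entry with the group NAMES the user's membership resolves to, so two names
# that share one gid are still different groups to sudoers.

# List the group names used as %group in a sudoers-style file, one per line.
sudoers_groups() {
    awk '$1 ~ /^%/ { sub(/^%/, "", $1); print $1 }' "$1" | sort -u
}

# Print the %group entries in file $1 that appear in the name list $2
# (space-separated, e.g. the output of: id -Gn userXXX).
matching_groups() {
    for g in $(sudoers_groups "$1"); do
        for n in $2; do
            if [ "$g" = "$n" ]; then echo "$g"; fi
        done
    done
}

# Constructed sample rules: "before" has only the local name, "after" has both.
write_before() {
    printf '%s\n' '%appgroup ALL = APACHECTL, LSOF, SLIBCLEAN, PROCMAP' > "$1"
}
write_after() {
    write_before "$1"
    printf '%s\n' '%dept-appgroup ALL = APACHECTL, LSOF, SLIBCLEAN, PROCMAP' >> "$1"
}

# Constructed group list for an AD user whose gid 209 resolves to dept-appgroup.
AD_USER_GROUPS="staff dept-appgroup"

tmp=$(mktemp)
write_before "$tmp"
echo "before: [$(matching_groups "$tmp" "$AD_USER_GROUPS")]"
write_after "$tmp"
echo "after:  [$(matching_groups "$tmp" "$AD_USER_GROUPS")]"
rm -f "$tmp"
```

On a live system the second argument would be the output of `id -Gn` for the affected user; an empty result means no `%group` rule names a group that user resolves to.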