 Sudo policy in AIX to restrict some commands.

Allwyn Menezes posted Wed August 13, 2025 01:32 AM

We want to implement sudo policy to restrict some commands to osadmin user.

How do I add this to the sudo policy if I want to restrict any command which starts with the AIX commands below?

chdev
chinet
umount
hostname
rmlv
migratepv
cplv
rmfs
mmshutdown
mmunmount
mmchfs
mmchconfig
mmchcluster
mmdelnode
shutdown 

Adam Waściński

Hello Allwyn Menezes,

Perhaps a better way would be to use the native AIX mechanism, RBAC: RBAC roles - IBM Documentation
You can assign predefined roles to users (Predefined roles - IBM Documentation) or create your own roles (mkrole) and allow users to execute only specified tasks.

Best regards,
Adam

Phill Rowbottom IBM Champion

Configuring sudo rules on AIX is the same as on other OSes on which sudo is available. You allow a user to run a command as another user within the rules (allow listing, not block listing).

Red Hat's documentation may be a good starting point for you https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/managing-sudo-access_configuring-basic-system-settings
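
The allow-listing approach described in the reply above, as an added sudoers sketch that is not part of the original thread. The alias names, the set of permitted commands and the command paths are assumptions to adapt to the actual system.

```sudoers
# Added example; alias names, permitted commands and paths are assumptions.
# Check the syntax before installing it with: visudo -cf <file>

# Block-list form, shown commented out for contrast. sudoers(5) notes that
# subtracting commands from ALL with '!' is generally not effective, so this
# does not give a dependable restriction.
# Cmnd_Alias RESTRICTED = /usr/sbin/chdev, /usr/sbin/rmlv, /usr/sbin/shutdown
# osadmin ALL = (root) ALL, !RESTRICTED

# Allow-list form: osadmin may run only the commands named here as root.
Cmnd_Alias OSADMIN_READONLY = /usr/sbin/lsdev, /usr/sbin/lsattr, \
                              /usr/sbin/lsvg, /usr/bin/errpt

osadmin ALL = (root) OSADMIN_READONLY
```

With this form, anything not named in the alias, including the commands listed in the question, is refused without needing a rule of its own.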