 Sudo policy in AIX to restrict some commands.

  • AIX Open Source
Allwyn Menezes posted Wed August 13, 2025 01:32 AM

We want to implement a sudo policy to restrict some commands for the osadmin user.

How do I add this to the sudo policy if I want to restrict any command which starts with the AIX commands below?

chdev
chinet
umount
hostname
rmlv
migratepv
cplv
rmfs
mmshutdown
mmunmount
mmchfs
mmchconfig
mmchcluster
mmdelnode
shutdown 


Adam Waściński

Hello Allwyn Menezes,

Perhaps a better way would be to use the native AIX mechanism, RBAC: RBAC roles - IBM Documentation
You can assign predefined roles to users (Predefined roles - IBM Documentation) or create your own roles (mkrole) and allow users to execute only specified tasks.

Best regards,
Adam


Phill Rowbottom IBM Champion

Configuring sudo rules on AIX is the same as on other OSes on which sudo is available. You allow a user to run a command as another user within the rules (allow listing, not block listing).

Red Hat's documentation may be a good starting point for you: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/managing-sudo-access_configuring-basic-system-settings


#AIXOpenSource
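Added example, not written by any poster in this thread and not IBM's configuration: the allow-listing approach from the last reply, shown beside the block-list form the question implies. The `osadmin` user and the blocked command names come from the question (only a subset is shown); the file name, alias names, permitted commands and all paths are assumptions to verify on the target system.

```sudoers
# /etc/sudoers.d/osadmin   (hypothetical file name; edit with: visudo -f <file>)
# Every path below is an assumption; confirm each one with `which <cmd>` on the host.

# --- Weak: block list ---------------------------------------------------
# Grants everything, then subtracts some of the commands from the question.
# sudoers(5) notes that "!" subtracted from ALL rarely works as intended:
# the rule matches on path, so the same program under another path, or a
# permitted program that starts a shell, is not covered by the exclusion.
Cmnd_Alias OS_BLOCKED = /usr/sbin/chdev, /usr/sbin/umount, /usr/sbin/rmlv, \
                        /usr/sbin/rmfs, /usr/sbin/shutdown, \
                        /usr/lpp/mmfs/bin/mmshutdown
# osadmin ALL = (root) ALL, !OS_BLOCKED        # intentionally left disabled

# --- Preferred: allow list ----------------------------------------------
# List only what osadmin needs, by full path. Anything not listed,
# including every command in the question, is denied by default.
# A path with no arguments permits any arguments; append "" to permit none.
Cmnd_Alias OS_READONLY = /usr/sbin/lsdev, /usr/sbin/lsvg, /usr/sbin/lspv, \
                         /usr/bin/errpt, /usr/bin/df ""

osadmin ALL = (root) OS_READONLY
```

Check the syntax with `visudo -cf <file>` before relying on the file, and review the resulting rules with `sudo -l -U osadmin`.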