Saturday 31 August 2013

Configuring Privilege Delegation in Red Hat Enterprise Linux Server 6.0 x86-64, Oracle Solaris 10 x64 and OEM Cloud Control 12c Release 3

To give an ordinary user root privileges, we need to delegate them to that user. The 'sudo' command can be used to accomplish this, but it is not configured by default for ordinary users such as 'oracle'.

In my tutorial below, I will demonstrate to you how to configure the 'sudo' command for ordinary users such as 'oracle'. I will subsequently demonstrate how to configure privilege delegation in Oracle Enterprise Manager Cloud Control 12c Release 3 too.

Time Duration: 30 Minutes


Configuring privilege delegation in Red Hat Enterprise Linux Server 6.0 x86-64 -

1. Log in as root user, or 'su' to root user.
2. Edit the /etc/sudoers file.
3. Comment out ('hash out') the following line in the file mentioned in step 2, so that it reads -
#Defaults    requiretty
4. Locate the following line in the file mentioned in step 2 -
root    ALL=(ALL)       ALL
5. Add the following line below the line mentioned in step 4 -
oracle  ALL=(ALL)       ALL
6. Save the file and exit.

You should now be able to log in as the 'oracle' user and execute commands as the 'root' user using the 'sudo' command.

Configuring privilege delegation in Oracle Solaris 10 x64 -

This may be a bit tedious because you will need to download and install additional packages, and create symbolic links for the sudo program.

Download the following packages:

Navigate to the directory where the packages have been downloaded and execute the following commands in sequence -
$ su

# gunzip libiconv-1.9.2-sol10-x86-local.gz
# pkgadd -d libiconv-1.9.2-sol10-x86-local
# gunzip libgcc-3.4.6-sol10-x86-local.gz
# pkgadd -d libgcc-3.4.6-sol10-x86-local
# gunzip libintl-3.4.0-sol10-x86-local.gz
# pkgadd -d libintl-3.4.0-sol10-x86-local
# gunzip sudo-1.8.3p2-sol10-x86-local.gz
# pkgadd -d sudo-1.8.3p2-sol10-x86-local

Create symbolic links for the sudo program -

# ln -s /usr/local/etc/sudoers /etc/sudoers
# ln -s /usr/local/bin/sudo /bin/sudo
# ln -s /usr/local/bin/sudoedit /bin/sudoedit

Add the 'oracle' user to /etc/sudoers. The file has 440 permissions by default, so we need to amend them to 777 in order to perform the change. While the mode is 777 the file is writable by every local user, and sudo does not accept a world-writable sudoers file, so revert the permissions (step 7) as soon as the edit is saved:
1. Log in as root user, or 'su' to root user.
2. Edit the /etc/sudoers file.
3. Comment out ('hash out') the following line in the file mentioned in step 2, so that it reads -
#Defaults    requiretty
4. Locate the following line in the file mentioned in step 2 -
root    ALL=(ALL)       ALL
5. Add the following line below the line mentioned in step 4 -
oracle  ALL=(ALL)       ALL
6. Save the file and exit.
7. Revert the permissions of /etc/sudoers to 440.
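
The script below is an added example, not part of the original post: it audits a sudoers file for the three things both the Linux and the Solaris procedure above depend on (mode 440 restored, requiretty commented out, the 'oracle' line present). The function names check_sudoers and make_sample and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a sudoers file for the settings changed in this post.
# check_sudoers and make_sample are illustrative names, not part of sudo.

# check_sudoers FILE USER: one finding per line, returns 0 only if all pass.
check_sudoers() {
    file=$1 user=$2 rc=0

    # -L follows the /etc/sudoers -> /usr/local/etc/sudoers symlink (Solaris).
    # sudo rejects a world-writable sudoers file; the expected mode is 0440.
    perms=$(ls -lL "$file" | cut -c1-10)
    if [ "$perms" = "-r--r-----" ]; then
        echo "OK   mode is 0440"
    else
        echo "FAIL mode is $perms, expected -r--r-----"; rc=1
    fi

    # The tutorial comments this line out; an uncommented copy is still active.
    if grep -Eq '^[[:space:]]*Defaults[[:space:]]+requiretty' "$file"; then
        echo "FAIL requiretty is still active"; rc=1
    else
        echo "OK   requiretty is commented out or absent"
    fi

    # The delegation line added below the root entry.
    if grep -Eq "^[[:space:]]*$user[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*\$" "$file"; then
        echo "OK   $user has ALL=(ALL) ALL"
    else
        echo "FAIL no ALL=(ALL) ALL entry for $user"; rc=1
    fi
    return $rc
}

# make_sample PATH: writes a constructed sudoers fragment for trying the check.
make_sample() {
    printf '%s\n' '#Defaults    requiretty' \
        'root    ALL=(ALL)       ALL' \
        'oracle  ALL=(ALL)       ALL' > "$1"
    chmod 440 "$1"
}

# Stand-alone use: sh check.sh /etc/sudoers [user]
if [ -n "${1:-}" ]; then
    check_sudoers "$1" "${2:-oracle}"
fi
```

Run as root against /etc/sudoers, the script exits non-zero if any line reports FAIL; 'visudo -c' can then be used to confirm that the file also parses.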

Configuring privilege delegation in Oracle Enterprise Manager Cloud Control 12c Release 3 -

1. Go to Setup->Security->Privilege Delegation in the OEM CC 12c R3 user interface as shown below -

The security dashboard will load. You can select the targets on which you want to configure privilege delegation based on the current type of privilege delegation assigned to them - all, not applicable, none, sudo, or powerbroker. Optionally, you may even search for a host within a selected type.

2. Click 'Go' once you choose the type as mentioned above, or enter the hostname of the target -

Click on the edit icon, on the right hand side, once the targets appear, and wait for the next page to load.

3. The host privilege delegation setting page will load as indicated by the below screenshot:

In my example, I want to configure privilege delegation using 'Sudo', so I have selected the radio button corresponding to 'Sudo'. I have entered the 'Sudo Command' path as /usr/bin/sudo -u %RUNAS% %COMMAND%.

Click 'Update' to begin the privilege delegation configuration process.

4. A confirmation message will be shown asking you whether you want to change the privilege delegation setting of the host -

Click 'Yes' to complete the privilege delegation configuration process.

5. A notification will be shown on the security dashboard stating that the privilege delegation setting has been updated -

You have successfully completed configuring privilege delegation in Oracle Enterprise Manager Cloud Control 12c Release 3!

Hope you had a good time reading this article! :)


 

1 comment:

  1. Edit the /etc/sudoers file.

    You should use visudo instead.
