How to configure ControlMinder rules so that ordinary users can execute root commands using sesudo

Document ID : KB000033278
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction:

How to configure ControlMinder rules so that ordinary users can execute root commands?

This example demonstrates how to mount a CD volume in Linux/Unix as an ordinary user.

 

Instructions: 

In selang on the local UNIX host

AC> eu dummy password(itsPWD) unix
AC> authorize surrogate USER.root uid(dummy) via(pgm(/opt/CA/AccessControl/bin/sesudo))
AC> er sudo usermount data(/bin/mount) audit(s,f)
AC> authorize sudo usermount id(dummy)
AC> authorize program /opt/CA/AccessControl/bin/sesudo uid(dummy)

 


Login as user dummy and execute

$ /opt/CA/AccessControl/bin/sesudo usermount /dev/sr0 /media/

 

Additional Information:

For more information about the sesudo utility, see the Reference Guide.
https://wiki.ca.com/display/CMINDER12901/sesudo+Utility