Run as User - Nolio "Sudo" Version

Document ID : KB000019754
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Starting from Nolio ASAP V3.3, each action can run with specific user credentials (Please refer to the installation and administration guide for more information) by providing the relevant user credentials.

In some cases, the user we want to run as is powerful user (e.g. root user) where it is password restricted and not available. In those cases we can take the advantage of sudo where system administrator give to the Nolio user the ability to run some (or all) commands as root while logging all commands and arguments.

Solution:

The following outlines the additional steps required to support sudo method (in addition to the minimum requirements to run an action as another user), and should be configured on every Nolio agent you want to use this method on,

Sudo settings

  1. Make sure the sudo user account is configured in /etc/sudoers

  2. The user should not require tty settings in /etc/sudoers (e.g "Defaults !requiretty" will be enabled, and "Defaults requiretty" will be commented out)

    #
    # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
    # You have to run "ssh -t hostname sudo <cmd>".
    #
    Defaults requiretty
    Defaults:wlsadmin !requiretty

    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL
    wlsadmin ALL=(ALL) ALL

    Where 'wlsadmin' = sudo user account

Nolio Agent settings

  1. Copy the 'SudoActionsRunner.sh' to the Nolio Agent install directory and grant it 775 permissions using:
    chmod 775 SudoActionsRunner.sh

  2. .Modify <Nolio Agent install directory>/conf/processes.properties and update the cmd.to.execute argument as below:
    cmd.to.execute=./SudoActionsRunner.sh

  3. Restart the Nolio Agent:
    <Nolio Agent install directory> ./deployer_daemon.sh restart

Action configuration

  1. The username will be the user you would like to use to execute the command

  2. The password will be the password of the user account.

    Ex: In the following example, the action is configured to run with the user account 'wlsadmin'

    Figure 1


File Attachments:
TEC600990.zip