Configuring the sudo command
You can configure the sudo command in the VM Recovery Manager HA solution.
Prerequisites
The AIX operating system does not have sudo features by default. You must download the sudo RPM package from the web and install it on the KSYS node.
Configuring sudo
Only a root user can configure sudo features in the AIX operating system. The username of the user must be added to the sudoers file for the user to run the sudo command.
Editing the sudoers file
To configure the sudo command, you can edit the sudoers file by using the visudo command. To enable the user to run the commands, in the sudoers file, under the user privilege specification, specify the username and commands. The user can run only the commands specified in the user privilege section for the user.
##
## Host alias specification
##
##
## User alias specification
##
##
## Cmnd alias specification
##
#Cmnd_Alias SU = /usr/bin/su
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
<username> ALL=(ALL) /opt/IBM/ksys/ksysmgr q vm, /opt/IBM/ksys/ksysmgr q host
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
Verifying the execute permissions for a user
To verify the execute permission that you provided for the user in the sudoers file, complete the following steps.
- Log in to the user account for which you have provided the execute permission.
- Run the following command:
  # sudo /opt/IBM/ksys/ksysmgr q host
  The command runs successfully and an output similar to the following example is displayed.
  ERROR: KSYS subsystem is currently offline, please sync ksyscluster to start KSYS "ksysmgr sync ksyscluster <name>"
- Run the following command:
  # sudo /opt/IBM/ksys/ksysmgr q vm
  The command runs successfully and an output similar to the following example is displayed.
  ERROR: KSYS subsystem is currently offline, please sync ksyscluster to start KSYS "ksysmgr sync ksyscluster <name>"
- Run the following command:
  # sudo /opt/IBM/ksys/ksysmgr q vios
  The command does not run successfully and an output similar to the following example is displayed.
  Sorry, <username> is not allowed to execute '/opt/IBM/ksys/ksysmgr q vios' as root on <hostname>.
Because you provided the execute permission to the user for the first two commands in the example sudoers file (see the previous topic), the ksysmgr q vm and ksysmgr q host commands ran successfully. Because you did not provide the execute permission to the user for the ksysmgr q vios command in the example sudoers file, that command did not run successfully, and a message stating that the user is not allowed to execute the command was displayed.
Granting the execute permission for all commands
root ALL=(ALL) ALL
<username> ALL=(ALL) /opt/IBM/ksys/
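The two grants shown on this page, the exact ksysmgr q vm / ksysmgr q host entries and the /opt/IBM/ksys/ directory entry, differ in what they permit. The following is an added example, not part of the product documentation or of sudo itself: a simplified Python model of how sudoers matches a command entry, covering exact arguments, bare commands, "" and directory entries only (aliases, negation, tags and path wildcards are not modelled). The function names and the user name ksysuser are assumptions.

```python
"""Simplified model of sudoers Cmnd matching (added example, not sudo's own code)."""
import shlex
from fnmatch import fnmatchcase

# Rules from this page; "ksysuser" is a constructed stand-in for <username>.
PAGE_RULE = "ksysuser ALL=(ALL) /opt/IBM/ksys/ksysmgr q vm, /opt/IBM/ksys/ksysmgr q host"
DIR_RULE = "ksysuser ALL=(ALL) /opt/IBM/ksys/"


def parse_cmnd_list(rule):
    """Return the Cmnd entries of one 'user host=(runas) cmnd, cmnd' line."""
    rhs = rule.partition("=")[2].strip()
    if rhs.startswith("("):              # drop the (runas) specification
        rhs = rhs[rhs.index(")") + 1:]
    return [c.strip() for c in rhs.split(",") if c.strip()]


def entry_allows(entry, argv):
    """Does one Cmnd entry permit argv (argv[0] is the full command path)?"""
    spec_path, _, spec_args = entry.partition(" ")
    spec_args = spec_args.strip()
    path, args = argv[0], " ".join(argv[1:])
    if spec_path == "ALL":
        return True
    if spec_path.endswith("/"):
        # Directory entry: any file directly inside it, with any arguments,
        # but nothing in its subdirectories.
        rest = path[len(spec_path):]
        return path.startswith(spec_path) and rest != "" and "/" not in rest
    if path != spec_path:
        return False
    if not spec_args:
        return True                      # bare command: any arguments allowed
    if spec_args == '""':
        return args == ""                # "" means: only without arguments
    return fnmatchcase(args, spec_args)  # arguments must match the entry


def sudo_allows(rule, command_line):
    """True if any Cmnd entry of the rule permits the given command line."""
    argv = shlex.split(command_line)
    return bool(argv) and any(entry_allows(e, argv) for e in parse_cmnd_list(rule))


if __name__ == "__main__":
    for cmd in ("q host", "q vm", "q vios"):
        line = "/opt/IBM/ksys/ksysmgr " + cmd
        print(f"{line:32} exact-rule={sudo_allows(PAGE_RULE, line)} "
              f"dir-rule={sudo_allows(DIR_RULE, line)}")
```

With the directory entry, every executable directly in /opt/IBM/ksys/ and every ksysmgr action is permitted, so the exact-argument form is the narrower grant when the user only needs the two queries.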
Troubleshooting the sudo command configuration error
The sudo -v command displays the following error:
sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so: 0509-022 Cannot load module /opt/freeware/libexec/sudo/sudoers.so.
0509-150 Dependent module /usr/lib/libcrypto.a(libcrypto.so.1.0.2) could not be loaded.
0509-152 Member libcrypto.so.1.0.2 is not found in archive
0509-022 Cannot load module /opt/freeware/libexec/sudo/sudoers.so.
0509-150 Dependent module /opt/freeware/libexec/sudo/sudoers.so could not be loaded.
sudo: fatal error, unable to load plugins
To resolve this error, export the library path LIBPATH=/opt/freeware/lib:$LIBPATH by running the export command.