Creating a super user on a Linux operating system

You can create a user with the required permissions to run the adapter correctly on a workstation that uses a Linux® operating system.

About this task

The adapter supports both SUSE and RHEL. In this example, the user is "tdiuser".

Procedure

  1. Create a user with security group permission.
    1. Issue the command:
      useradd -d "/home/tdiuser" -s "/bin/bash" -m tdiuser
    2. Set the following statement in the user PATH environment variable:
      PATH=/usr/bin:/usr/sbin:/etc:

      The following commands must be in the user path:

      mv, tee, cp, kill, mkdir, rm, faillog, faillock, pam_tally2, grep, lastlog, sudo

      Note: For SLES 11 and higher, the faillog command full path is /usr/sbin/faillog.
      If the super user is used to log in and run commands, then '.' can be added to the PATH environment variable.
  2. Grant sudo permissions to the user for all commands.
    Note: By default, the sudo command requires user authentication before it runs a command. To modify this behavior, add the NOPASSWD tag to the sudoers file entry.
    1. Open the sudoers file.
      Issue the following command:
      bash-2.05b$ visudo
    2. If the line Defaults requiretty exists in the file, comment it out.
      #Defaults requiretty
    3. Insert the following lines to allow sudo access.
      The entry beginning with tdiuser must be entered on a single line. It is displayed here as multiple lines for readability.

      Modify the command paths to match your operating system. Update the user path if necessary.

      # User privilege specification
      tdiuser ALL=NOPASSWD:/usr/bin/passwd,/usr/sbin/useradd,
      /usr/sbin/usermod,/usr/sbin/userdel,/usr/bin/tee,/bin/chmod,
      /bin/cat,/bin/ls,/usr/bin/chage,/usr/bin/groups,/bin/ed,
      /bin/cp,/usr/bin/faillog,/usr/sbin/groupadd,/usr/sbin/groupmod,
      /usr/sbin/groupdel,/usr/bin/kill,/bin/hostname,/sbin/faillock,
      /sbin/pam_tally2,/bin/mkdir,/bin/rm,/usr/bin/lastlog 
      The following commands are used by the connector but are not needed in the sudoers file. However, if the sudo user is used, the user needs execute permissions on these commands:
      tr, cut, awk, sed, sort, grep, ps
      
      Note: The UNIX and Linux Adapter does not support accessing the endpoint as a user with sudo log_output enabled.
    4. Validate the format of the /etc/sudoers file.
      Issue the command:
      visudo -c
      If the syntax is wrong, the command displays an error message, for example:
      $ visudo -c 
              >>> sudoers file: syntax error, line 30 <<< 
              parse error in /etc/sudoers near line 30 
      Note: The sudo access command paths that are listed here are an example. The actual command paths vary depending upon the resource. Ensure that the correct path is specified in the sudoers file.
      For example, the complete path of the ed command is /bin/ed for RHEL systems, /usr/bin/ed for SUSE systems, and /bin/ed for Debian systems.
  3. Set the password for the newly created user.
    Issue the command:
    bash-2.05b$ passwd tdiuser
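
Step 2 asks you to adjust the command paths in the tdiuser entry to match the operating system and then check the syntax. The following script is an added example, not part of the adapter or of the original procedure: it resolves each command from step 2 to the absolute path found on the host, prints the entry on a single line, and runs the syntax check on a draft file rather than on /etc/sudoers. The function names and the "generate" argument are hypothetical, and the search path is an assumption to adapt.

```shell
#!/bin/sh
# Added example (not adapter code): build the tdiuser sudoers entry from the
# paths present on this host, so only absolute, existing paths are granted.

# Command names taken from the sudoers entry in step 2.
SUDO_CMDS="passwd useradd usermod userdel tee chmod cat ls chage groups ed cp
faillog groupadd groupmod groupdel kill hostname faillock pam_tally2 mkdir rm lastlog"

# resolve_cmd NAME SEARCHPATH: print the first executable match, absolute dirs only.
# The body runs in a subshell so the IFS and globbing changes do not leak.
resolve_cmd() (
    IFS=:
    set -f
    for dir in $2; do
        case $dir in /*) ;; *) continue ;; esac   # skip '.' and empty elements
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# build_sudoers_entry USER SEARCHPATH CMD...
# Prints "USER ALL=NOPASSWD:/abs/cmd1,/abs/cmd2" on one line. Commands that are
# not found are reported on stderr and omitted; the return status is then 1.
build_sudoers_entry() {
    _user=$1; _path=$2; shift 2
    _list=""; _rc=0
    for _c in "$@"; do
        if _p=$(resolve_cmd "$_c" "$_path"); then
            _list="${_list:+$_list,}$_p"
        else
            echo "not found, omitted: $_c" >&2
            _rc=1
        fi
    done
    printf '%s ALL=NOPASSWD:%s\n' "$_user" "$_list"
    return $_rc
}

# Run as: sh thisscript.sh generate   (writes only a temporary draft file)
if [ "${1:-}" = "generate" ]; then
    draft=$(mktemp)
    build_sudoers_entry tdiuser "/usr/bin:/usr/sbin:/bin:/sbin" $SUDO_CMDS > "$draft"
    cat "$draft"
    # Same check as step 2.4, pointed at the draft with -f.
    command -v visudo >/dev/null 2>&1 && visudo -cf "$draft"
    rm -f "$draft"
fi
```

Commands reported as omitted are usually ones the distribution does not ship, such as faillock or pam_tally2; review the printed line before pasting it through visudo.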