Creating a super user on an AIX operating system
You can create a user with required permissions to run the adapter correctly on a workstation that uses an AIX® operating system.
About this task
In this task, the user is "tdiuser".
Procedure
-
Create a user.
-
Issue the command:
mkuser home="/home/tdiuser" shell="/usr/bin/ksh" tdiuser
-
Set the following statement in the user PATH environment variable:
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:/usr/local/bin
The following commands must be in the user path:
mv, tee, cp, kill, chsec, mkdir, rm, sudo
If the super user is used to log in and run commands, then '.' can be added to the PATH environment variable.
- Grant sudo permissions to the user for AIX commands. Note: By default, the sudo command requires user authentication before it runs a command. To modify this behavior, add the NOPASSWD tag to the sudoers file entry.
- Open the sudoers file. Issue the following command:
bash-2.05b$ visudo
- If the line
Defaults requiretty
exists in the file, comment it out:
#Defaults requiretty
- Insert the following lines to allow sudo access.
The entry beginning with tdiuser must be entered on a single line. It is displayed here as multiple lines for readability.
# User privilege specification
tdiuser ALL=NOPASSWD:/usr/bin/pwdadm,/usr/bin/passwd,/usr/bin/mkuser,
/usr/sbin/rmuser,/usr/bin/chuser,/usr/bin/chmod,/usr/bin/cat,
/usr/bin/rm,/usr/bin/tee,/usr/bin/ed,/usr/bin/groups,/usr/bin/ls,
/usr/bin/logins,/usr/sbin/lsuser,/usr/bin/mv,/usr/sbin/lsgroup,
/usr/bin/chpasswd,/usr/bin/chsec,/usr/sbin/usermod,/usr/sbin/lsrole,
/usr/bin/mkgroup,/usr/sbin/rmgroup,/usr/bin/chgroup,/usr/bin/mkrole,
/usr/sbin/rmrole,/usr/bin/chrole,/usr/bin/mkdir,/usr/bin/rm,
/usr/bin/kill,/usr/bin/hostname
The following commands are used by the connector but are not needed in the sudoers file. However, if the sudo user is used, the user needs execute permissions on these commands.
/usr/bin/tr, /usr/bin/cut, /usr/bin/egrep, /usr/bin/awk, /usr/bin/sort, /usr/bin/ps, /usr/bin/sed
Note: The UNIX and Linux Adapter does not support accessing the endpoint as a user with sudolog_output enabled.
- Validate the format of the /etc/sudoers file.
Issue the command:
visudo -c
If the syntax is wrong, the command prompts an error message, for example:
$ visudo -c
>>> sudoers file: syntax error, line 30 <<<
parse error in /etc/sudoers near line 30
Note: The sudo access command paths that are listed here are an example. The actual command paths vary depending upon the resource. Ensure that the correct path is specified in the sudoers file.
- Set the password for the newly created user. Issue the command:
bash-2.05b$ passwd tdiuser
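
The checks below complement visudo -c from the validation step, which does not check that the listed command paths exist on the host. This is an added example, not part of the original documentation: it lists the paths granted to tdiuser, reports any that are missing or not executable, and flags an active Defaults requiretty line. The function names and the sample file are assumptions; run the functions against a copy of /etc/sudoers.

```shell
#!/bin/sh
# Added example: pre-flight checks on a copy of the sudoers file (POSIX sh/ksh).
# Function names and the sample data below are assumptions for illustration.

# Print each command path granted to USER on a NOPASSWD line, one per line.
# Relies on the entry being a single line, as the procedure requires.
sudoers_cmds() {    # $1 = sudoers file, $2 = user
    awk -v u="$2" '
        $1 == u && /NOPASSWD:/ {
            sub(/^.*NOPASSWD:/, "")   # keep only the command list
            gsub(/[ \t]/, "")         # drop blanks around the commas
            n = split($0, c, ",")
            for (i = 1; i <= n; i++) if (c[i] != "") print c[i]
        }' "$1"
}

# Print granted paths that do not exist or are not executable on this host.
missing_cmds() {    # $1 = sudoers file, $2 = user
    sudoers_cmds "$1" "$2" | while read -r p; do
        [ -x "$p" ] || echo "$p"
    done
}

# Succeed if an uncommented "Defaults requiretty" line is present.
has_requiretty() {  # $1 = sudoers file
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+requiretty' "$1"
}

# Print each named command that cannot be found through the current PATH.
missing_in_path() { # $@ = command names, e.g. mv tee cp kill chsec mkdir rm sudo
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || echo "$c"
    done
}

# Constructed sample input; /opt/example/nope is a placeholder path.
sample="${TMPDIR:-/tmp}/sudoers.sample.$$"
printf '%s\n' 'Defaults requiretty' \
    'tdiuser ALL=NOPASSWD:/bin/sh, /opt/example/nope' > "$sample"
echo "missing paths: $(missing_cmds "$sample" tdiuser)"
has_requiretty "$sample" && echo "requiretty is still active"
rm -f "$sample"
```

Run missing_in_path as tdiuser with the command names from the PATH step to confirm that each one resolves.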