Remote Deployment to UNIX/Linux Using a Nonprivileged User Account
To use a nonprivileged user account, consider the following sudo configuration requirements:
casa
To use a nonprivileged user account, consider the following sudo configuration requirements:
- Sudo must not require that a valid pseudo terminal is attached to the executed program. To disable such validation for a specific user, add the following line to the /etc/sudoers file:Defaults:$username!requiretty$usernameDefines the actual user name that is used for Remote Deployment.The standard method of editing the file is to use the visudo command. The visudo command invokes $EDITOR. When editing is finished, the command verifies the file syntax. If the result is invalid, visudo blocks saving the file.
- Sudo must not require a password before running the elevated program. To disable the requirement for a password, add the NOPASSWD: keyword to the line in /etc/sudoers that gives privileges to the user.
- Sudo must be allowed to run specific commands or ALL. For example, the following lines in /etc/sudoers satisfy the previous requirements:$usernameALL=(ALL) NOPASSWD: ALLor$usernameALL = NOPASSWD: /usr/bin/id,/bin/sh /tmp/idprimer/PifInst *If theidandshpaths are not/usr/bin/idor/bin/sh, adjust the path appropriately in the configuration entry.
On Solaris systems, consider the following pfexec requirements:
- Use the following command to give thePrimary Administratorprofile to any local user:usermod -P “Primary Administrator” {user}
- To give thePrimary Administratorprofile to any nonlocal user, manually add the following entry to the /etc/user_attr file:user::::type=normal;profiles=Primary Administrator