Remote Deployment to UNIX/Linux Using a Nonprivileged User Account

To use a nonprivileged user account, consider the following sudo configuration requirements:
  • Sudo must not require that a valid pseudo terminal is attached to the executed program. To disable such validation for a specific user, add the following line to the /etc/sudoers file:
    Defaults:$username !requiretty
    $username: Defines the actual user name that is used for Remote Deployment.
    The standard method of editing the file is to use the visudo command. The visudo command invokes $EDITOR. When editing is finished, the command verifies the file syntax. If the result is invalid, visudo blocks saving the file.
  • Sudo must not require a password before running the elevated program. To disable the requirement for a password, add the NOPASSWD: keyword to the line in /etc/sudoers that gives privileges to the user.
  • Sudo must be allowed to run specific commands or ALL. For example, the following lines in /etc/sudoers satisfy the previous requirements:
    $username ALL=(ALL) NOPASSWD: ALL
    or
    $username ALL = NOPASSWD: /usr/bin/id,/bin/sh /tmp/idprimer/PifInst *
    If the id and sh paths are not /usr/bin/id or /bin/sh, adjust the path appropriately in the configuration entry.
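The following shell check is an added example, not part of the original documentation: it reads a sudoers fragment and reports, for one account, whether requiretty is disabled and whether its NOPASSWD rule grants ALL or only a restricted command list. The function names, the accounts deploy and legacy, and the sample fragment are constructed for illustration.

```sh
#!/bin/sh
# Added example: report how a sudoers fragment treats one account.
# Handles only the single-line forms shown on this page (no aliases,
# line continuations or #include directives).

audit_sudoers() {   # usage: audit_sudoers FILE USER
    awk -v u="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        $1 == ("Defaults:" u) {                      # Defaults:<user> !requiretty
            for (i = 2; i <= NF; i++)
                if ($i ~ /^!requiretty,?$/) tty = 1
            next
        }
        $1 == u {                                    # <user> <host> = [(runas)] [tag:] cmds
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)           # drop "user host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)        # drop optional (runas)
            sub(/[ \t]+$/, "", spec)                 # drop trailing whitespace
            if (spec !~ /^NOPASSWD:/) { print "rule=password-required"; next }
            sub(/^NOPASSWD:[ \t]*/, "", spec)
            print (spec == "ALL" ? "rule=broad" : "rule=restricted: " spec)
        }
        END { print "requiretty=" (tty ? "disabled" : "default") }
    ' "$1"
}

write_sample() {    # constructed fragment; "deploy" and "legacy" are made-up accounts
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Defaults:deploy !requiretty
deploy ALL = NOPASSWD: /usr/bin/id,/bin/sh /tmp/idprimer/PifInst *
legacy ALL=(ALL) NOPASSWD: ALL
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sudoers "$sample" deploy
audit_sudoers "$sample" legacy
rm -f "$sample"
```

Syntax checking remains the job of visudo; `visudo -c -f FILE` checks a fragment without installing it.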
On Solaris systems, consider the following pfexec requirements:
  • Use the following command to give the Primary Administrator profile to any local user:
    usermod -P "Primary Administrator" {user}
  • To give the Primary Administrator profile to any nonlocal user, manually add the following entry to the /etc/user_attr file:
    user::::type=normal;profiles=Primary Administrator