Administration Guide › Managing SystemEDGE and Application Insight Modules (AIMs) › How to Deploy SystemEDGE and AIMs › Specific Remote Deployment Use Cases › Remote Deployment to UNIX/Linux Using Non Privileged User Account
Remote Deployment to UNIX/Linux Using Non Privileged User Account
If you want to use a nonprivileged user account, consider the following requirements about the sudo configuration:
- Sudo must not enforce that the executed program has a valid pseudo terminal that is attached to it. To disable such validation for a particular user (if it is globally enabled), add the line “Defaults:$username !requiretty” to the /etc/sudoers file. Replace $username by the actual username that is used for Remote Deployment.
The standard way to edit the file is using the visudo command. The visudo command invokes $EDITOR. When editing is finished, it verifies the syntax of the file. If the result is not valid, visudo blocks saving the file.
- Sudo must not ask the user for a password before running the elevated program. To achieve this behavior, the NOPASSWD: keyword must be present on the line giving privileges to the user.
- Sudo must be allowed to run the necessary commands or all. Configuration entries (lines in /etc/sudoers) satisfying the previous requirements are, for example:
$username ALL=(ALL) NOPASSWD: ALL
or
$username ALL = NOPASSWD: /usr/bin/id,/bin/sh /tmp/idprimer/PifInst *
Note: Replace $username by the actual username that is used for Remote Deployment. If the paths for "id" and "sh are different from /usr/bin/id or /bin/sh, adjust the path in the configuration entry appropriately.
On Solaris, consider the following requirements for pfexec:
|
Copyright © 2013 CA.
All rights reserved.
|
|
