Remote Deployment to UNIX/Linux Using Non Privileged User Account

If you want to use a nonprivileged user account, consider the following requirements about the sudo configuration:

Sudo must not enforce that the executed program has a valid pseudo terminal that is attached to it. To disable such validation for a particular user (if it is globally enabled), add the line “Defaults:$username !requiretty” to the /etc/sudoers file. Replace $username by the actual username that is used for Remote Deployment.
The standard way to edit the file is using the visudo command. The visudo command invokes $EDITOR. When editing is finished, it verifies the syntax of the file. If the result is not valid, visudo blocks saving the file.
Sudo must not ask the user for a password before running the elevated program. To achieve this behavior, the NOPASSWD: keyword must be present on the line giving privileges to the user.
Sudo must be allowed to run the necessary commands or all. Configuration entries (lines in /etc/sudoers) satisfying the previous requirements are, for example:
```
$username ALL=(ALL) NOPASSWD: ALL
```
or
```
$username ALL = NOPASSWD: /usr/bin/id,/bin/sh /tmp/idprimer/PifInst *
```
Note: Replace $username by the actual username that is used for Remote Deployment. If the paths for "id" and "sh are different from /usr/bin/id or /bin/sh, adjust the path in the configuration entry appropriately.

On Solaris, consider the following requirements for pfexec:

Any local user can be given profile “Primary Administrator” with the following command
```
usermod -P “Primary Administrator” {user}
```
Any nonlocal user can be given profile “Primary Administrator” by manually adding an entry in the file /etc/user_attr:
```
user::::type=normal;profiles=Primary Administrator
```