Sudo Configuration Methods / Execution Methods

How to configure Hardware PM to use different credentials or the sudo utility (3 methods).

Related Topics

Description

The Hardware PM can be configured to use different Credentials / the sudo utility in three different ways.

Symptoms

Commands that require Sudo are not working correctly.

Solution

1st method: Sudo

The software logs into the server using the credentials Credentials: [Telnet/SSH], it then runs the command using sudo.

To use this method, we would need the patrol user credentials to be entered in Credentials: [Telnet/SSH], the section Credentials: [Execution] and Credentials: [Root] needs to be blank (no user credentials), and the option "Use Sudo Utility" selected.  The sudo utility would need to be configured for all commands that need root and the sudo utility would also need to be in the path of the Patrol User.  Select the option "Use Sudo Utility".

  • i.e.
  • login patrol
  • sudo command

2nd method: Ultra Secure Sudo

The software logs into the server using the credentials Credentials: [Telnet/SSH], then does an su to Credentials: [Execution], then runs the command using sudo. 

This method is a slight modification of the 1st method, which is rarely used outside ultra secure environments.  This is used when the first username does not have the rights to run the sudo.

To use this method, we would need the patrol user credentials to be entered in Credentials: [Telnet/SSH], the second, non-root user, but able to run the sudo command to be entered in Credentials: [Execution], and Credentials: [Root] to be left blank.  The option "Use Sudo Utility" needs to be selected.  The sudo utility would need to be configured for all commands that need root and the sudo utility would also need to be in the path of the Patrol User.  Then select the option "Use Sudo Utility".

  • i.e.
  • login patrol
  • su - secure-user
  • sudo command

3rd method: Root

The software logs into the server using credentials Credentials: [Telnet/SSH], then su to Credentials: [Root] and runs the command directly.

To use this method, we would need the patrol user credentials to be entered in Credentials: [Telnet/SSH], section Credentials: [Execution] left blank, and the root credentials section Credentials: [Root].  The select the option "Use above Execution/Root credentials."

  • i.e.
  • login patrol
  • su - root
  • command