Cisco Headend System Release 3.2
Chapter 3 Configure LDAP and Sudo Support
14
4017610 Rev A
Configure Sudo Support
Sudo (su "do") is a program that allows certain users to run commands with
privileges of root or another user. Configuration of sudo is contained in the sudoers
file. This configuration file contains a list of users and the commands they are
authorized to run. All permitted commands must be invoked by prefixing the
command with sudo. Before running a command, a user is forced to enter his
password. Once authenticated, sudo verifies the user's authorization by checking
the sudoers file. SR 5.0 bundles a default sudo configuration in
/usr/local/etc/sudoers file. Only the visudo program must be used to edit the
sudoers file because of its built-in syntax checking.
Many factors influence the configuring of the sudoers file. Only a simple
configuration for administering DNCS is presented here. Application Servers and
the RNCS can be also be administered using these procedures. However, sites must
contact Cisco services for advanced configurations and other customizations.
Site administrators must define DBDS administrators using LDAP netgroup entries.
As shown in the following example, DBDS administrators can be defined using the
following LDIF:
privileges of root or another user. Configuration of sudo is contained in the sudoers
file. This configuration file contains a list of users and the commands they are
authorized to run. All permitted commands must be invoked by prefixing the
command with sudo. Before running a command, a user is forced to enter his
password. Once authenticated, sudo verifies the user's authorization by checking
the sudoers file. SR 5.0 bundles a default sudo configuration in
/usr/local/etc/sudoers file. Only the visudo program must be used to edit the
sudoers file because of its built-in syntax checking.
Many factors influence the configuring of the sudoers file. Only a simple
configuration for administering DNCS is presented here. Application Servers and
the RNCS can be also be administered using these procedures. However, sites must
contact Cisco services for advanced configurations and other customizations.
Site administrators must define DBDS administrators using LDAP netgroup entries.
As shown in the following example, DBDS administrators can be defined using the
following LDIF:
# DBDSAdmins, Netgroup, example.com
dn: cn=DBDSAdmins,ou=Netgroup,dc=example,dc=com
objectClass: nisNetgroup
objectClass: top
cn: DBDSAdmins
description: All DBDS Admins in the Organization
nisNetgroupTriple: (,dbdsusr1,)
nisNetgroupTriple: (,dbdsusr2,)
nisNetgroupTriple: (,dbdsusr3,)
Before You Begin
Before you begin, gather the following information from the site administrator:
Userids and/or LDAP netgroup name that defines DBDS administrator.
Important: The following procedure assumes that the DBDSADMINS netgroup
entry exists in LDAP.
entry exists in LDAP.