Cisco Headend System Release 2.7
Appendix B
Enable Centralized Sudo Support
28
4017610 Rev A
Enable Sudo Support
Sudo is a program that allows certain users to run commands as super user. The
commands a user can run are specified in the sudoers configuration file. Sudo
provides a clear audit trail of user actions and when they were performed.
Role Based-Access Control (RBAC) that was introduced in SR 5.0 requires users to be
configured on each host, and does not lend itself to a centrally administered
solution. Providing the sudoers file via LDAP solves the above issue and supports
heterogeneous server environments.
commands a user can run are specified in the sudoers configuration file. Sudo
provides a clear audit trail of user actions and when they were performed.
Role Based-Access Control (RBAC) that was introduced in SR 5.0 requires users to be
configured on each host, and does not lend itself to a centrally administered
solution. Providing the sudoers file via LDAP solves the above issue and supports
heterogeneous server environments.
Before You Begin
Before you begin, gather the following information from the site administrator:
LDAP server hostname
Base Distinguished Name (DN) for LDAP operations
Base Sudoers organization unit
DNCS Admins netgroup
Also make certain to perform alias and server checks as described in the following
sections
sections
Alias Check
Ensure that the sux command alias exists.