Cisco Headend System Release 2.7
Enable Sudo Support
4017610 Rev A
31
Enabling Sudo Support on the LDAP Client
Follow these instructions to enable Sudo support on the LDAP client.
CAUTION:
Only appropriately qualified and skilled personnel should attempt to install,
operate, maintain, and service this product. Incorrectly configuring the system
can lock all users out of the system. Correcting this requires a lengthy process
of booting from the OS media and undoing the changes.
Only appropriately qualified and skilled personnel should attempt to install,
operate, maintain, and service this product. Incorrectly configuring the system
can lock all users out of the system. Correcting this requires a lengthy process
of booting from the OS media and undoing the changes.
1 Type ls /usr/local/etc/sudo.ldap.conf.dist and press Enter to verify that the
sudo.ldap.conf.dist file exists.
2 Does the sudo.ldap.conf.dist file exist?
If yes, continue with the next step in this procedure.
If no, refer to the sample LDAP configuration file in Appendix E (on page 39)
and use an editor such as vi to create /usr/local/etc/sudo.ldap.conf.dist file.
and use an editor such as vi to create /usr/local/etc/sudo.ldap.conf.dist file.
3 Type cp -p /usr/local/etc/sudo.ldap.conf.dist /etc/ldap.conf and press Enter. The
configuration file is copied into place.
4 Use a text editor such as vi to open /etc/ldap.conf and press Enter. Modify the
following entries with appropriate values that you obtained from the site
administrator and begin again with step 1 of this procedure.
administrator and begin again with step 1 of this procedure.
host
base
sudoers_base
5 Type ls -l /etc/ldap.conf and press Enter to verify permissions and ownership.
6 Use a text editor such as visudo to open /usr/local/etc/sudoers and add the
6 Use a text editor such as visudo to open /usr/local/etc/sudoers and add the
appropriate entries as indicated in Server Checks. Then save and close
usr/local/etc/sudoers.
usr/local/etc/sudoers.
7 Use a text editor such as vi to open /etc/syslog.conf and add the local 2 entry as
shown in the following example:
local 2: debug /var/log/sudolog
8 Type touch /var/log/sudolog and press Enter.
9 Type svcadm restart svc:/system/system-log:default and press Enter to restart
9 Type svcadm restart svc:/system/system-log:default and press Enter to restart
syslogd and activate sudo logging.