sudo cmd

Article ID: 197589

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

We have a rule like this:

editres SUDO ('mycommand') audit(FAILURE) comment('/opt/software/<version>/bin/command') defaccess(NONE) owner('secown') targuid('root')

This means we have to modify the rule every time we upgrade. Is there a way to replace <version> with a wildcard?

Environment

Release : 12.8

Component : CA ControlMinder

Resolution

Wildcards are not allowed in the command part of the data property of the SUDO class, so what you want to do is not possible.

The only thing I can think of that might work is to use symlinks.

e.g.

/opt/software/<version>/bin/command

ln -s /opt/software/<version> /opt/software/latest

editres SUDO ('mycommand') audit(FAILURE) comment('/opt/software/latest/bin/command') defaccess(NONE) owner('secown') targuid('root')

Then when you upgrade make sure you do:

ln -sfn /opt/software/<version> /opt/software/latest

This might be easier than changing a few rules.

Please test this before deploying to production, though, as it is possible that something might not like the symlink.
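
The upgrade step is where this workaround most easily goes wrong: when `latest` already exists as a link to a directory, a plain `ln -sf` follows it and creates the new link inside the old release, so the command the rule runs as root never changes. The following is an added example, not part of the original article; `repoint_latest` is a hypothetical helper, it assumes an `ln` whose `-n` option means "do not follow an existing link" (GNU and BSD), and it takes the base directory as an argument so it can be tried in a scratch directory first.

```shell
#!/bin/sh
# Added example (not from the original article). repoint_latest is a
# hypothetical helper name; the directory layout mirrors the article's
# /opt/software/<version>/bin/command.

# repoint_latest BASE VERSION [CMD]
#   Points BASE/latest at BASE/VERSION, then confirms that BASE/latest/bin/CMD
#   (the path a SUDO rule would name) resolves into the new version.
repoint_latest() {
    base=$1 version=$2 cmd=${3:-command}
    target="$base/$version"
    link="$base/latest"

    # Refuse to point the privileged path at a release that is not in place.
    if [ ! -x "$target/bin/$cmd" ]; then
        echo "missing or non-executable: $target/bin/$cmd" >&2
        return 1
    fi
    # Refuse to touch a real file or directory that happens to be named latest.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink" >&2
        return 1
    fi

    # -n: replace the existing link itself. Without it, ln follows the old
    # link and creates OLD_VERSION/VERSION, leaving latest unchanged.
    ln -sfn "$target" "$link" || return 1

    # Verify what the rule's path resolves to after the change.
    resolved=$(cd "$link/bin" && pwd -P) || return 1
    expected=$(cd "$target/bin" && pwd -P) || return 1
    if [ "$resolved" != "$expected" ]; then
        echo "latest resolves to $resolved, expected $expected" >&2
        return 1
    fi
    echo "$resolved/$cmd"
}
```

On success the function prints the physical path the rule's command now resolves to, which can be recorded alongside the upgrade.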