How to configure ControlMinder rules so that ordinary users can execute root commands?
This example demonstrates how to mount a CD volume in Linux/Unix as an ordinary user.
Release: All supported PIM / PAMSC endpoint versions for UNIX/LINUx as of October 2023.
Component: Privileged Identity Manager / PAMSC Endpoint
This is a sample article showcasing the usage.
In selang on the local UNIX host
AC> eu dummy password(itsPWD) unix
AC> authorize program /opt/CA/AccessControl/bin/sesudo uid(dummy)
AC> er surrogate USER.root owner(root) defaccess(r) audit(all)
AC> authorize surrogate USER.root uid(dummy) via(pgm(/opt/CA/AccessControl/bin/sesudo))
AC> er sudo usermount data(/bin/mount) audit(s,f)
AC> authorize sudo usermount id(dummy)
Login as the user dummy and execute
$ /opt/CA/AccessControl/bin/sesudo usermount /dev/sr0 /media/
For more information about the sesudo utility, see the product documentation guide.