How to configure ControlMinder rules so that ordinary users can execute root commands using sesudo

Article ID: 33278


Products

CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

How to configure ControlMinder rules so that ordinary users can execute root commands?

This example demonstrates how to mount a CD volume in Linux/Unix as an ordinary user.

Environment

Release: All supported PIM / PAMSC endpoint versions for UNIX/Linux as of October 2023.
Component: Privileged Identity Manager / PAMSC Endpoint

Cause

This is a sample article showcasing the usage.

Resolution

Instructions:

Run the following commands in selang on the local UNIX host:

AC> eu dummy password(itsPWD) unix
AC> authorize program /opt/CA/AccessControl/bin/sesudo uid(dummy)
AC> er surrogate USER.root owner(root) defaccess(r) audit(all)

AC> authorize surrogate USER.root uid(dummy) via(pgm(/opt/CA/AccessControl/bin/sesudo))
AC> er sudo usermount data(/bin/mount) audit(s,f)
AC> authorize sudo usermount id(dummy)

Log in as the user dummy and execute:

$ /opt/CA/AccessControl/bin/sesudo usermount /dev/sr0 /media/
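
A rule-review script for selang rule sets like the one above (an added example, not part of the original article or the product): it lists which command each user can run through sesudo and flags surrogate access that is not tied to a program with via(pgm()), sudo tasks without audit(), and data() values that are not absolute paths. The three checks, the function names and the WEAK_RULES sample are assumptions of this example, not product behaviour.

```python
import re

# The article's rules, verbatim (parse() strips the AC> prompt).
ARTICLE_RULES = """\
AC> eu dummy password(itsPWD) unix
AC> authorize program /opt/CA/AccessControl/bin/sesudo uid(dummy)
AC> er surrogate USER.root owner(root) defaccess(r) audit(all)
AC> authorize surrogate USER.root uid(dummy) via(pgm(/opt/CA/AccessControl/bin/sesudo))
AC> er sudo usermount data(/bin/mount) audit(s,f)
AC> authorize sudo usermount id(dummy)
"""
# Constructed weaker variant for contrast (not from the article).
WEAK_RULES = """\
AC> authorize surrogate USER.root uid(dummy)
AC> er sudo usermount data(mount)
AC> authorize sudo usermount id(dummy)
"""
OPTION = re.compile(r"(\w+)\(((?:[^()]|\([^()]*\))*)\)")  # name(value), one nesting level

def parse(rules):
    """Yield (verb, class, resource, {option: value}) for each selang line."""
    for line in rules.splitlines():
        m = re.match(r"(?:AC>\s*)?(\S+)\s+(\S+)\s+(\S+)\s*(.*)", line.strip())
        if m:
            verb, cls, name, rest = m.groups()
            yield verb.lower(), cls.lower(), name, dict(OPTION.findall(rest))

def review(rules):
    """Return ({user: [commands runnable via sesudo]}, [findings])."""
    parsed = list(parse(rules))
    tasks = {n: o for v, c, n, o in parsed
             if v in ("er", "editres", "nr", "newres") and c == "sudo"}
    grants, findings = {}, []
    for _, cls, name, opts in (p for p in parsed if p[0] == "authorize"):
        who = opts.get("uid") or opts.get("id") or opts.get("gid")
        if cls == "surrogate" and not opts.get("via", "").startswith("pgm("):
            findings.append(f"{who}: {name} surrogate access is not tied to a program by via(pgm())")
        if cls == "sudo":
            command = tasks.get(name, {}).get("data", "<task not defined>")
            grants.setdefault(who, []).append(command)
    for name, opts in tasks.items():
        if "audit" not in opts:
            findings.append(f"sudo task {name}: no audit() setting")
        if not opts.get("data", "").startswith("/"):
            findings.append(f"sudo task {name}: data() is not an absolute path")
    return grants, findings

if __name__ == "__main__":
    print(review(ARTICLE_RULES), review(WEAK_RULES), sep="\n")
```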

Additional Information

For more information about the sesudo utility, see the product documentation guide.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager-server-control/14-1/reference/utilities/sesudo-utility.html