How to configure ControlMinder rules so that ordinary users can execute root commands using sesudo

Article ID: 33278

Products

CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

How to configure ControlMinder rules so that ordinary users can execute root commands?

This example demonstrates how to mount a CD volume in Linux/Unix as an ordinary user.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager and higher
Component: Privileged Identity Manager

Cause

This is a sample article that shows how sesudo is used.

Resolution

Instructions:

In selang on the local UNIX host, run:

AC> eu dummy password(itsPWD) unix
AC> authorize program /opt/CA/AccessControl/bin/sesudo uid(dummy)
AC> er surrogate USER.root owner(root) defaccess(r) audit(all)

AC> authorize surrogate USER.root uid(dummy) via(pgm(/opt/CA/AccessControl/bin/sesudo))
AC> er sudo usermount data(/bin/mount) audit(s,f)
AC> authorize sudo usermount id(dummy)

Log in as the user dummy and execute:

$ /opt/CA/AccessControl/bin/sesudo usermount /dev/sr0 /media/
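
A consistency check for a selang rule file built on the pattern above, as an added example that is not part of the original article or the product. It assumes that every user granted a SUDO record should also hold the PROGRAM rule for sesudo and a SURROGATE USER.root rule restricted with via(pgm(...)), as dummy does here; the function names and the user alice are hypothetical.

```python
import re
SESUDO = "/opt/CA/AccessControl/bin/sesudo"
# Constructed sample: the article's rules for "dummy", plus a hypothetical user
# "alice" who was granted the SUDO record without the other two rules.
RULES = """\
AC> eu dummy password(itsPWD) unix
AC> authorize program /opt/CA/AccessControl/bin/sesudo uid(dummy)
AC> er surrogate USER.root owner(root) defaccess(r) audit(all)
AC> authorize surrogate USER.root uid(dummy) via(pgm(/opt/CA/AccessControl/bin/sesudo))
AC> er sudo usermount data(/bin/mount) audit(s,f)
AC> authorize sudo usermount id(dummy)
AC> authorize sudo usermount id(alice)
"""
AUTH = re.compile(r"^(?:AC>\s*)?authorize\s+(\w+)\s+(\S+)\s+(.*)$", re.I)
WHO = re.compile(r"\bu?id\(([^)]+)\)", re.I)         # uid(name) or id(name)
VIA = re.compile(r"via\(pgm\(([^)]+)\)\)", re.I)     # program restriction

def parse(text):
    """Collect which users each 'authorize' rule names, grouped by class."""
    grants = {"program": set(), "surrogate": {}, "sudo": {}}
    for line in text.splitlines():
        m = AUTH.match(line.strip())
        who = WHO.search(m.group(3)) if m else None
        if not who:
            continue
        cls, res, user = m.group(1).lower(), m.group(2), who.group(1)
        if cls == "program" and res == SESUDO:
            grants["program"].add(user)
        elif cls == "surrogate" and res == "USER.root":
            via = VIA.search(m.group(3))
            grants["surrogate"][user] = via.group(1) if via else None
        elif cls == "sudo":
            grants["sudo"].setdefault(res, set()).add(user)
    return grants

def lint(text):
    # Report grants that deviate from the article's three-rule pattern.
    g, findings = parse(text), []
    for user, via in sorted(g["surrogate"].items()):
        if via != SESUDO:
            findings.append(f"{user}: surrogate to root is not limited to sesudo")
    for res, users in sorted(g["sudo"].items()):
        for user in sorted(users):
            if user not in g["program"]:
                findings.append(f"{user}: on SUDO {res} but no PROGRAM rule for sesudo")
            if user not in g["surrogate"]:
                findings.append(f"{user}: on SUDO {res} but no SURROGATE USER.root rule")
    return findings
```

Calling lint(RULES) returns two findings for alice and none for dummy; run it over an exported rule file before applying changes to a host.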

Additional Information

For more information about the sesudo utility, see the product documentation guide.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager-server-control/14-1/reference/utilities/sesudo-utility.html