AIXTOOLS, IBM AIX and POWER Portal
AIX => AIXTOOLS => Topic started by: roxyland on October 28, 2020, 07:52:03 AM
-
Hi,
The download link on http://www.aixtools.net/index.php/sudo
http://download.aixtools.net/tools/aixtools.sudo-ldap.1.8.31.0.I
seems to be broken.
Was hoping to get a sudo package that support LDAP.
Thanks
-
sorry I was able to download from that link. Must have been trying an older verion earlier.
Anyway, I've installed it, but the ownership on the installed files cause errors:
sudo: /opt/bin/sudo must be owned by uid 0 and have the setuid bit set sudo: /opt/libexec/sudo/sudoers.so must be owned by uid 0 sudo: fatal error, unable to load plugins
They are owned by bin:bin. It also changes ownership of /etc /var and sub-directories to bin:bin
-
I'll look into it. Not done much with sudo lately.
My normal packaging process sets all packages to bin.bin - I'll modify the install.config script to do some chown root.bin for /opt/bin/sudo.
What I had been working on, but never got any feedback from sudo project - was to use RBAC to elevate privilege. Effect is the same, but you had the added 'onion' skin, that you needed to have the authentication 'sudo' to execute sudo - at all.
Don't think I'll get to it today - but quick!
Michael
-
Thanks for the heads-up. I have repackaged sudo-1.8.31 - with LDAP support - and the correct config scripts to make sure the files that need to be owned by root - are owned by root.bin.
Note: I do not use root.system on purpose. I want accounts to have more privilege required that merely being a member of group system.
All feedback is welcome!
