Hi All,
Please help me with how to give user a Sudo access in Linux environment through Bigfix.
Thanks,
This is more of a question on how you’re granting elevated permissions to individual users or better yet groups based on best practices for your targeted Linux distribution (CentOS, RHEL, SLES, Ubuntu). In this case, BigFix is simply the execution point for the necessary commands to accomplish the desired results.
thanks for writing.
Is there any method with which it can be achievable through Bigfix
Only once you’ve identified the necessary commands for the specific Linux distribution you intend to target.
Once you have the necessary Linux commands identified, you would then leverage the wait and possibly the createfile until commands in Action Script.
You could also search BigFix.me to see if there’s anything existing in the repository that’s close to what you’re wanting to accomplish.
thanks,
Please let me know if below works.
delete __appendfile
appendfile sudo -i
appendfile echo ‘{parameter “username” of action} ALL=(ALL:ALL) ALL’ >> /etc/sudoers
appendfile
delete useraccess.sh
copy __appendfile useraccess.sh
wait chmod 555 useraccess.sh
waithidden bash useraccess.sh
So you don’t need the “appendfile sudo -i” as the BESClient runs as root.
It’s typically better to move your append file vs. copy and you may want to run it from /tmp vs the BESClient Opp/Custom site.
Use wait instead of waithidden on Linux/Unix.
If your script requires full path details/variables for root, then you’ll want to execute your script as follows:
wait sudo su - root -c “/tmp/useraccess.sh”
Depending on the level of complexity, you may want to add error handling to the SH script or Action Script as well as standard output + standard error redirection to a log file.
thanks for supporting so much.
I have edited to below:
delete __appendfile
appendfile echo ‘{parameter “username” of action} ALL=(ALL:ALL) ALL’ >> /etc/sudoers
appendfile
delete useraccess.sh
copy __appendfile useraccess.sh
wait sudo su - root -c “/tmp/useraccess.sh”
wait chmod 555 useraccess.sh
wait bash useraccess.sh
Something like the following that leverages the createfile operator has worked for me in the past.
delete __createfile
delete /tmp/bf_tmp_script.sh
createfile until __EOF
#
# YOUR LINUX/DISTRO SPECIFIC SCRIPT GOES HERE
#
__EOF
move __createfile /tmp/bf_tmp_script.sh
wait chmod 755 /tmp/bf_tmp_script.sh
wait sudo su - root -c "/tmp/bf_tmp_script.sh"
delete /tmp/bf_tmp_script.sh
Just make sure that your Linux/Distro specific commands/scripts work independently before plugging into BigFix.
1 Like