Linux操作系统最少权限配置
Creating a super user on a Linux operating system
Use the following steps to create user with required permissions to run the adapter correctly on a machine using a Linux operating system (both SUSE and RHL). In this example the user is "tdiuser".
1. Create a user and specify the home directory.
a. Issue the command:
useradd –d "/home/tdiuser" –m tdiuser
b. Ensure that the /home/tdiuser/.profile exists. If not, you must create the .profile file.
c. Set the following statement in the user’s PATH environment variables:
PATH=/usr/bin:/usr/sbin:/etc:.:
2. Grant Sudo permissions to the user for all commands.
Note: By default, the sudo command requires that a user be authenticated before running a command. To modify this behavior add the NOPASSWD tag to the sudoers file.
a. Issue the following command to open the sudoers file:
bash-2.05b$ visudo
b. Insert the following lines to allow sudo access.
# User privilege specification tdiuser ALL=NOPASSWD: /usr/bin/pwdadm, /usr/bin/passwd,/usr/bin/mkuser, /usr/sbin/rmuser,/usr/bin/chuser, /usr/bin/chmod,usr/bin/cat,/usr/bin/echo, /usr/bin/grep,/usr/bin/rm,/usr/bin/rmuser,/usr/bin/tee,/usr/bin/ed, /usr/bin/groups,/usr/bin/ls,/usr/bin/logins
3. Set the password for the newly created user. Issue the command :
bash-2.05b$passwd tdiuser
Solaris操作系统最小权限配置
Creating a super user on a Solaris operating system
Use the following steps to create user with required permissions to run the adapter correctly on a machine using a Solaris operating system. In this example the user is "tdiuser".
1. Create a user and specify the home directory.
a. Issue the command: useradd –d "/home/tdiuser" –m tdiuser
b. Ensure that the /home/tdiuser/.profile exists. If not, you must create the .profile file.
c. Set the following statement in the user’s PATH environment variables: PATH=/usr/bin:/usr/bin:/etc:.:/usr/local/sbin:
2. Grant Sudo permissions to the user for all commands.
Note: By default, the sudo command requires that a user be authenticated before running a command. To modify this behavior add the NOPASSWD tag to the sudoers file.
a. Issue the following command to open the sudoers file:
bash-2.05b$ visudo
b. Insert the following lines to allow sudo access.
# User privilege specification tdiuser ALL=NOPASSWD:/usr/bin/passwd,/usr/sbin/useradd, /usr/sbin/usermod,/usr/sbin/userdel,/usr/bin/tee,/usr/bin/egrep, /usr/bin/chmod,/usr/bin/echo,/usr/bin/vi,/usr/bin/cat, /usr/bin/logins,/usr/bin/ls
3. Set the password for the newly created user. Issue the command:
bash-2.05b$passwd tdiuser
HP-UX Trusted 最小化权限配置
Creating a super user on an HP-UX Trusted operating system
Use the following steps to create user with required permissions to run the adapter correctly on a machine using an HP-UX Trusted operating system. In this example the user is "tdiuser".
1. Create a user and specify the home directory.
a. Issue the command: useradd –d "/home/tdiuser" –m tdiuser
b. Ensure that the /home/tdiuser/.profile exists. If not, you must create the .profile file.
c. Set the following statement in the user’s PATH environment variables: PATH=/usr/bin:/usr/sbin:/etc:.:/usr/local/bin:/usr/lbin:
2. Grant Sudo permissions to the user for all commands.
Note: By default, the sudo command requires that a user be authenticated before running a command. To modify this behavior add the NOPASSWD tag to the sudoers file.
a. Issue the following command to open the sudoers file:
bash-2.05b$ visudo
b. Insert the following lines to allow sudo access. tdiuser ALL=NOPASSWD: /usr/bin/passwd,/usr/sbin/useradd, /usr/sbin/usermod,/usr/sbin/userdel, /usr/bin/cat, /usr/lbin/getprpw, /usr/lbin/modprpw, /usr/bin/chmod,/usr/bin/cat, /usr/bin/ls, /usr/bin/grep, /usr/bin/tee,/usr/bin/ed,/usr/sbin/logins
3. Set the password for the newly created user. Issue the command:
bash-2.05b$passwd tdiuser
HP-UX NonTrusted 最小化权限配置
Creating a super user on an HP-UX NonTrusted operating system
Use the following steps to create user with required permissions to run the adapter correctly on a machine using an HP-UX NonTrusted operating system. In this example the user is "tdiuser".
1. Create a user and specify the home directory.
a. Issue the command:
useradd –d "/home/tdiuser" –m tdiuser
b. Ensure that the /home/tdiuser/.profile exists. If not, you must create the .profile file.
c. Set the following statement in the user’s PATH environment variables: PATH=/usr/bin:/usr/sbin:/etc:.:/usr/local/bin:
2. Grant Sudo permissions to the user for all commands.
Note: By default, the sudo command requires that a user be authenticated before running a command. To modify this behavior add the NOPASSWD tag to the sudoers file.
a. Issue the following command to open the sudoers file:
bash-2.05b$ visudo
b. Insert the following lines to allow sudo access.
# User privilege specification tdiuser ALL=NOPASSWD:/usr/bin/chmod,/usr/bin/cat,/usr/sbin/logins, /usr/bin/ls,/usr/bin/passwd,/usr/sbin/useradd,/usr/sbin/usermod, /usr/sbin/userdel,/usr/bin/grep,/usr/bin/tee,/usr/bin/ed
3. Set the password for the newly created user. Issue the command:
bash-2.05b$passwd tdiuser