[sudo-users] Configuring the sudoers file for a DBA

Stephen Carville scarville at landam.com
Mon Dec 15 11:52:10 EST 2008

On Monday 15 December 2008 03:59, Chris.Schrimshaw at kub.org wrote:
> I need to give access to one of our DBA's to run chfs inside smitty so he
> can add space to his file system.
> I want to remove his root access later, but for now, I want to set it up
> so he can run chfs using smitty, get him used to using it and then yank
> his root access. What is the best way to set this up using the sudoers
> file?

Long time since I had to support AIX but, IIRC, SMIT is just a wrapper that 
calls system utilities via a shell to do the actual work.   So if oracleguy 
runs SMIT as himself then something like this might work:

oracleguy     ALL=(root) NOPASSWD:/usr/bin/chfs

> ABC03537        ALL = (root) NOPASSWD: /usr/bin/su - root       (but some
> how add------- /usr/sbin/chfs)

Stephen Carville <scarville at landam.com>
Systems Engineer
Land America
1.626.667.1450 X1326
Any security software design that doesn't assume the enemy
possesses the source code is already untrustworthy.
                                           -- Eric Raymond

More information about the sudo-users mailing list