AnsweredAssumed Answered

Inventory client for Unix - Setting Privileges for snow user

Question asked by paulfoel on May 25, 2017
Latest reply on Jun 29, 2017 by paulfoel

Heres extract from user guide:-

 

PRIVILEGES
There are two privilege options for running the client, and each option is described in the sections
below.
Commands like pkginfo, pkgchk must be reachable from the configured path variable in the system.
FULL PRIVILEGES
A user with root privileges or privileges to run the Java runtime with the sudo program is required.
PRINCIPLE OF LEAST PRIVILEGES
A user that has sudo rights to specific operating system commands depending on operating system,
see table below. The sudoers file also need to have the NOPASSWD option set.
Example from sudoers file:
User snow has the rights to execute the commands with sudo and no password:
##
## User privilege specification
##
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/ls -l /proc/*
snow ALL=NOPASSWD: /usr/bin/file

 

But then later on it advises that the following needs to be run :-

 

Use the following command line to perform an inventory of hardware and software on the server.
The result and log file will be placed in the directory /var/opt/snow.
$ sudo java -jar unixclient.jar sitename=MyTestSite

 

Am I mssing something here though - unless you add the following to /etc/sudoers then the user snow does not have permission to run sudo java? I don't get the point of the PRINCIPLE OF LEAST PRIVILEGES section.

 

snow ALL=NOPASSWD:/usr/bin/java

Outcomes