 Installing SUDO on ESXi 3.5u4 
Hi everyone,

First, sorry for my poor English, I'll try to do my best.
A little contribution here (by the way, thanks a lot Dave Mishchenko, you have saved us work hours ^^)


=> Installing SUDO on ESXi 3.5u4 :
When activating SSH on our ESXi (3.5u4) hosts, we decided to use sudo instead of su or root login (to prevent the root password from going over the network, we use it only locally).

So, to disable SSH root login, just modify the ssh line in inetd.conf by adding -w at the end, like this:
Code:
ssh     stream  tcp     nowait  root    /sbin/dropbearmulti     dropbear ++min=0,swap,group=shell -i -w


Next, I downloaded the sudo.rpm package for Red Hat Linux here: http://www.sudo.ws/sudo/download.html

A quick step with rpm2tgz sudo.rpm (done under a Linux VM), then copy the created sudo.tgz file to / on ESXi, and a tar -zxvf sudo.tgz does the rest.

visudo (usually used to edit /etc/sudoers) doesn't work on ESXi because vi (like wget, for example) is hidden ...
But no matter, vi is fine. For example, you can add this line, which enables, without the need to enter the root password, all commands from all computers for all users of group "users" (it is just an example to quickly see if everything works... :) )
Code:
%users          ALL=(ALL) NOPASSWD: ALL

(Manual to use sudoers file here : http://www.gratisoft.us/sudo/man/sudoers.html)






Next, sudo has to be launched by root (setuid restriction):
Code:
chmod 4755 /bin/sudo





=> Including SUDO in OEM.TGZ
These changes do not survive a reboot, so you have to create an oem.tgz file, but beware of PSOD :)

Indeed, the created sudo.tgz file extracts sudo and visudo under /usr/bin and /usr/sbin, which are links to /bin and /sbin.
So, after extraction of sudo.tgz in your /oemtmpdirectory, do not forget to mv usr/bin and usr/sbin to bin and sbin. If you forget, at reboot you will encounter a PSOD saying:
"Directory redefined for non-dir /usr/bin..............."

(also, do not forget to do the chmod 4755 on bin/sudo)


Here you can find my oem_SUDO.tgz as an attachment (you have to edit the /etc/sudoers file, which is still the default one)

Attachment:
oem_SUDO.tgz [54.74 KiB]


Hope this helps someone!
Regards


Thu Jul 16, 2009 2:00 am
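
The oem.tgz staging steps described in the post, combined with a check for the two mistakes it warns about (leftover usr/bin or usr/sbin entries, and a missing setuid bit on bin/sudo). This is an added example, not part of the original post; the function names build_oem and check_oem and their argument order are hypothetical, and it assumes it is run on the Linux VM used for the rpm2tgz step.

```shell
#!/bin/sh
# Added example (not from the post): build oem.tgz from the rpm2tgz output.
# Run as root so the archive records root ownership for the setuid binary.

# check_oem ARCHIVE: refuse an archive that would PSOD or ship sudo without setuid.
check_oem() {
    listing=$(tar -tvzf "$1") || return 1
    # Entries under usr/bin or usr/sbin cause "Directory redefined for non-dir".
    if printf '%s\n' "$listing" | grep -Eq '[[:space:]](\./)?usr/s?bin(/|$)'; then
        echo "archive still contains usr/bin or usr/sbin" >&2
        return 1
    fi
    # Mode 4755 is listed as -rwsr-xr-x.
    if ! printf '%s\n' "$listing" | grep -Eq '^-rwsr-xr-x .*[[:space:]](\./)?bin/sudo$'; then
        echo "bin/sudo is missing or not mode 4755" >&2
        return 1
    fi
}

# build_oem SUDO_TGZ STAGE_DIR OEM_TGZ (hypothetical helper)
build_oem() {
    src_tgz=$1; stage=$2; out_tgz=$3
    mkdir -p "$stage" || return 1
    tar -xzf "$src_tgz" -C "$stage" || return 1
    # Move usr/bin -> bin and usr/sbin -> sbin, as the post requires.
    for d in bin sbin; do
        if [ -d "$stage/usr/$d" ]; then
            mkdir -p "$stage/$d" || return 1
            mv "$stage/usr/$d"/* "$stage/$d"/ || return 1
            rmdir "$stage/usr/$d" || return 1
        fi
    done
    # Remove usr/ only if nothing else from the package lives there.
    rmdir "$stage/usr" 2>/dev/null || true
    [ -f "$stage/bin/sudo" ] || { echo "bin/sudo not found" >&2; return 1; }
    chmod 4755 "$stage/bin/sudo" || return 1
    # Archive top-level entries only, so no "./" entry is unpacked over /.
    (cd "$stage" && tar -czf - *) > "$out_tgz" || return 1
    check_oem "$out_tgz"
}

# Stand-alone use: sh build_oem.sh sudo.tgz /tmp/oemtmp oem.tgz
if [ "$#" -eq 3 ]; then
    build_oem "$@"
fi
```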