Updated on 2023-04-11 GMT+08:00

How Do I Set a Sudo Privilege Escalation Account for the Managed Resource?

CBH supports adding Sudo login accounts for SSH and Telnet hosts.

O&M engineer admin_A can use account test to log in to the target host, but account test has limited permissions. In this case, the CBH system administrator can use the sudo command to escalate the privileges of account test so that engineer admin_A can perform O&M. After sudo privilege escalation is configured, the system automatically switches to the Sudo account login page when engineer admin_A logs in to the target host using account test. The administrator configures a sudo privilege escalation login account as follows:

  1. Choose Resource > Host.
  2. Locate the row where the target host resides and click More > Add Account in the Operation column.

    Figure 1 Adding an account

  3. Select Sudo Login for Login Type, complete other required information, and click OK.

    Figure 2 Adding a sudo privilege escalation account
    Table 1 Parameters for setting a sudo privilege escalation account

    | Parameter | Description |
    |---|---|
    | Login Type | Select Sudo Login. |
    | Password | Enter the login password of an account with the highest level of permissions to the target host. For example, if user root has the highest permission to the managed host, enter the password of user root. |
    | Switch from | Select the account with no privilege escalation configured. |
    | Switch command | Retain the default value of su. |

  4. Choose Resource > Account. The new Sudo login account is displayed.

    Figure 3 Viewing a privilege escalation account

  5. Choose Policy > ACL Rules, and assign the newly created Sudo login account [root->su] to admin_A.