How Do I Set a Sudo Privilege Escalation Account for the Managed Resource?
CBH supports adding Sudo login accounts for SSH and Telnet hosts.
Account test can be used by the O&M engineer admin_A to log in to the target host. However, account test has limited permissions. In this case, the CBH system administrator can use the sudo command to escalate the privileges of account test for O&M purpose of engineer admin_A. After the sudo privilege escalation is configured, the system automatically switches to the Sudo account login page when engineer admin_A logs in to the target host using account test. The administrator can configure a sudo privilege escalation login account as follows:
- Choose Resource > Host.
- Locate the row where the target host resides and click More > Add Account in the Operation column.
Figure 1 Adding an account
- Select Sudo Login for Login Type, complete other required information, and click OK.
Figure 2 Adding a sudo privilege escalation account
Table 1 Parameters for setting a sudo privilege escalation account Parameter
Description
Login Type
Select Sudo Login.
Password
Enter the login password of an account with the highest level of permissions to the target host.
For example, if user root has the highest permission to the managed host, enter the password of user root.
Switch from
Select the account with no privilege escalation configured.
Switch command
Retain the default value of su.
- Choose Resource > Account. The new Sudo login account is displayed.
Figure 3 Viewing a privilege escalation account
- Choose Policy > ACL Rules, and assign the newly created Sudo login account [root->su] to admin_A.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.