Required Permissions

You can manage your applications as the root user; however, it is recommended to use a user with minimum permissions, for example, a sudo user.

If you want to use a sudo user to perform the operations, the sudo user must be configured with the following rights and permissions.

Rights to execute the following commands with root privilege: 

/bin/chmod, /usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel,
/usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/groupdel, /usr/bin/passwd,
/usr/bin/groups, /usr/bin/date, /bin/rm -f spt_tmp_*, /bin/echo,
/usr/bin/find, /bin/cat /etc/shadow, /bin/cat /etc/passwd,
/bin/cat /etc/group, /bin/cat /etc/user_attr, /usr/bin/getent,
/bin/grep -i * /etc/default/login, /bin/grep -i * /etc/security/policy.conf,
/usr/bin/finger, /usr/bin/dispuid, /usr/bin/awk

An entry in the /etc/sudoers file must look similar to the following: 

username ALL = (root) PASSWD: /bin/chmod, /usr/sbin/useradd, /usr/sbin/usermod, \
/usr/sbin/userdel, /usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/groupdel, \
/usr/bin/passwd, /usr/bin/groups, /usr/bin/date, /bin/rm -f spt_tmp_*, \
/bin/echo, /usr/bin/find, /bin/cat /etc/shadow, /bin/cat /etc/passwd, \
/bin/cat /etc/group, /bin/cat /etc/user_attr, /usr/bin/getent, \
/bin/grep -i * /etc/default/login, /bin/grep -i * /etc/security/policy.conf, \
/usr/bin/finger, /usr/bin/dispuid, /usr/bin/awk

Note

  • If any part of a command is modified in the source XML, make the corresponding change in the /etc/sudoers file entry. Verify the command paths on your Solaris systems, as they might differ from the values listed here.

Sudo User

If you want to use a sudo user to perform the operations, you must configure the sudo user with the following rights and permissions.

Note
If you want to use a sudo user to perform the provisioning operations, configure the home directory with proper write access for this sudo user. For example, if a sudo user is using the Guest home directory, then ensure it has proper write access over the Guest home directory.

Rights to execute the following commands with root privilege:

/bin/chmod, /usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel,
/usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/groupdel,
/usr/bin/passwd, /usr/bin/groups, /usr/bin/date, /bin/rm -f spt_tmp_*,
/bin/echo, /usr/bin/find, /bin/cat /etc/shadow, /bin/cat /etc/passwd,
/bin/cat /etc/group, /bin/cat /etc/user_attr, /usr/bin/getent,
/bin/grep -i * /etc/default/login, /bin/grep -i * /etc/security/policy.conf,
/usr/bin/finger, /usr/bin/dispuid, /usr/bin/awk

An entry in the /etc/sudoers file should look similar to the following:

username ALL = (root) PASSWD: /bin/chmod, /usr/sbin/useradd, \
/usr/sbin/usermod, /usr/sbin/userdel, /usr/sbin/groupadd, /usr/sbin/groupmod, \
/usr/sbin/groupdel, /usr/bin/passwd, /usr/bin/groups, /usr/bin/date, \
/bin/rm -f spt_tmp_*, /bin/echo, /usr/bin/find, /bin/cat /etc/shadow, \
/bin/cat /etc/passwd, /bin/cat /etc/group, /bin/cat /etc/user_attr, \
/usr/bin/getent, /bin/grep -i * /etc/default/login, \
/bin/grep -i * /etc/security/policy.conf, /usr/bin/finger, /usr/bin/dispuid, /usr/bin/awk

Note
The permission for the find command is required for the unstructured target collector.

Read Only permissions

If you want to use a sudo user to perform read only operations, you must configure the sudo user with the following rights and permissions.

For Account Aggregation only

Rights to execute the following commands with root privilege:

/bin/echo, /bin/cat /etc/group, /bin/grep, /bin/rm -f spt_tmp_*, /bin/cat /etc/passwd,
/bin/cat /etc/shadow, /bin/cat /etc/user_attr, /usr/bin/date,
/bin/grep -i 'RETRIES=' /etc/default/login, /bin/grep -i 'Lock_After_Retries=' /etc/security/policy.conf

An entry in the /etc/sudoers file must look similar to the following:

username ALL = (root) PASSWD: /bin/echo, /bin/cat /etc/group, /bin/grep, \
/bin/rm -f spt_tmp_*, /bin/cat /etc/passwd, /bin/cat /etc/shadow, \
/bin/cat /etc/user_attr, /usr/bin/date, /bin/grep -i 'RETRIES=' /etc/default/login, \
/bin/grep -i 'Lock_After_Retries=' /etc/security/policy.conf

For Entitlements Aggregation only

Rights to execute the following commands with root privilege:

/bin/echo, /bin/cat /etc/group, /bin/rm -f spt_tmp_*, /bin/grep

An entry in the /etc/sudoers file must look similar to the following:

username ALL = (root) PASSWD: /bin/echo, /bin/cat /etc/group, /bin/rm -f spt_tmp_*, /bin/grep
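
The following added example (not part of the original documentation or the connector) checks a sudoers entry against the "Account Aggregation only" command list above and reports missing commands, extra commands, and commands granted without an argument list. The account name svc_idm and the sample entry are constructed for illustration, and the parser assumes a single-user entry whose command arguments contain no escaped commas.

```python
import re

# Required commands for "Account Aggregation only", copied from this page.
REQUIRED = """/bin/echo, /bin/cat /etc/group, /bin/grep, /bin/rm -f spt_tmp_*,
/bin/cat /etc/passwd, /bin/cat /etc/shadow, /bin/cat /etc/user_attr, /usr/bin/date,
/bin/grep -i 'RETRIES=' /etc/default/login,
/bin/grep -i 'Lock_After_Retries=' /etc/security/policy.conf"""

# Constructed sample of a drifted entry; "svc_idm" is a hypothetical account name.
SAMPLE = r"""svc_idm ALL = (root) PASSWD: /bin/echo, /bin/cat /etc/group, /bin/grep, \
/bin/rm -f spt_tmp_*, /bin/cat /etc/passwd, /bin/cat /etc/shadow, /usr/bin/date, \
/bin/grep -i 'RETRIES=' /etc/default/login, \
/bin/grep -i 'Lock_After_Retries=' /etc/security/policy.conf, /usr/bin/finger"""

ENTRY = re.compile(r"\s*(\S+)\s+ALL\s*=\s*\((\w+)\)\s*(?:(\w+):)?\s*(.+)", re.S)

def split_commands(text):
    """Split a comma-separated command list into whitespace-normalized commands."""
    text = re.sub(r"\\\s*\n", " ", text)  # join sudoers line continuations
    return {" ".join(c.split()) for c in text.split(",") if c.strip()}

def audit(entry, required=REQUIRED):
    """Compare one sudoers user entry against the required command list."""
    m = ENTRY.match(entry)
    if not m:
        raise ValueError("not a 'user ALL = (runas) [TAG:] commands' entry")
    user, runas, tag, cmds = m.groups()
    granted, needed = split_commands(cmds), split_commands(required)
    return {
        "user": user, "runas": runas, "tag": tag,
        "missing": sorted(needed - granted),  # connector operations would fail
        "extra": sorted(granted - needed),    # privilege beyond this profile
        # sudo permits any arguments when a command is listed without arguments
        "any_args": sorted(c for c in granted if " " not in c),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

To audit a different profile, pass its command list from this page as the `required` argument.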

Supported Authentication methods

The Solaris Connector supports the following authentication methods for root and sudo user:

  • publickey

  • username and password