Create a sudo command bundle
Create a sudo command bundle to enforce granular permissions for Okta Privileged Access users to access Linux-based servers. Each sudo command bundle can contain a maximum of 64 commands.
Before you begin
-
You must have a resource admin role.
-
Review Sudo command bundle rules.
Start the task
-
Go to
. -
Click Create sudo command.
-
On the Create sudo command page, complete the following:
Task Action Name and description Enter a name and description for the command in the Command name and description fields. Commands
-
Select the type of sudo command.
- Executable
- Raw
- Directory
-
If you're configuring an executable command, you must specify which kinds of arguments the command takes by choosing one of the following arguments.
- Any arguments
- No arguments
- Specific arguments
- If you select Specific arguments, enter the arguments to allow in the field that appears.
Add another command Add more commands by clicking Add Another Command and repeating the previous step. Advanced configuration
-
To access advanced configuration options for sudo commands, expand Advanced Configuration. These settings apply to all commands defined for a sudo command bundle.
-
To run all of the commands defined in the sudo command bundle as a specific non-root user, enter the username in the Run commands as a non-root user field.
-
Enable NOPASSWD is selected by default, allowing users to run sudo without a password. Ensure that this option is always enabled.
-
Select Enable NOEXEC if you don't want to allow commands to execute child processes.
-
Select Enable SETENV if you want to allow the overriding of environment variables to commands.
-
You can further refine the environment variable settings for a sudo command by setting the env_keep += and env_keep -= arguments. See your system's sudo documentation for details.
-
-
Click Create.
View, edit, or delete sudo commands
You can't delete a sudo command if it's being used in a policy.
-
Go to
. -
On the command you want to view, click the Actions menu and select View. The View sudo commands page displays the command details.