Create a sudo entitlement
To create a sudo entitlement:
- Open the Advanced Server Access dashboard from an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. account.
- Click Entitlements.
- Click Create Sudo Entitlement. The Create Sudo Entitlement window appears.
- Enter a name and description for the entitlement in the Entitlement Name and Description fields.
- Select the type of sudo entitlement to create from the drop-down box. This is one of Executable, Raw, or Directory. If you're configuring an Executable command, you must specify which kinds of arguments the command will take by choosing one of: Any arguments, No arguments, or Specific arguments. If you select Specific arguments, enter the arguments to allow in the field that appears.
- Enter the command to add in the field beside the sudo entitlement command type pull-down box.
- You can add additional commands to a sudo entitlement by clicking + Add Another Command and repeating the above steps for each command to add.
- To access advanced configuration options for sudo entitlements, expand Advanced Configuration. These settings apply to all commands defined for a sudo entitlement.
- To run all of the commands defined in the sudo entitlement as a specific non-root user, enter the username in the Run As field.
- Clear Enable NOPASSWD if you do not want the user to be able to run sudo without a password. This option is selected by default, allowing users to run sudo without a password.
- Select Enable NOEXEC if you do not want to allow commands to execute child processes.
- Select Enable SETENV if you want to allow the overriding of environment variables to commands.
- You can further refine the environment variable settings for a sudo entitlement by setting the env_keep += and env_keep -= arguments. See your system's sudo documentation for details.