Configure the MID Server to use specific privileged commands

You can configure the MID Server to use specific privileged commands, using a configuration parameter.

Before you begin

Role required: admin

About this task

Starting with Geneva Patch 8, users can specify any privileged command for a MID Server to run, not just the supported commands. All new privileged commands use a common processor that runs this command on the target to determine if the privileged command exists: command -v priv_command. When applying the privileged command, the processor assumes:
  • All shell commands are allowed.
  • No password is required.
  • TTY is always required.

Procedure

  1. Navigate to the list of MID Servers using one of the following paths:
    • MID Server > Servers
    • Discovery > MID Servers
    • Orchestration > MID Servers
  2. Open the MID Server to which you want to add the privileged command.
  3. In the Configuration Parameters related list, click New.
  4. Complete these fields in the form:
    • MID server: The name of the MID Server using this parameter is automatically added to this field.
    • Parameter name: Select the mid.ssh.privileged_commands parameter from the list.
    • Value: List the privileged commands you want this MID Server to use in a comma-separated list. The supported commands are: dzdo, pfexec, pbrun, and sudo. Starting with Geneva Patch 8, you can use the value in this field to execute any privileged command, such as a customized sudo command or any privileged command in your environment. You can also use it to create special configurations of supported privileged commands. For example, you can set pbrun -u admin as one privileged command to run with an admin profile. Only one of these special configurations is allowed per privileged command on a MID Server. For example, you can configure pbrun, dzdo for a specific MID Server, but not pbrun -u admin, pbrun -u system.
      Note: Remember that the target host must support the command you specify.
  5. Click Submit.
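
A pre-flight check for the Value field, as an added example (not ServiceNow code): it rejects a list that names the same privileged command twice and runs the command -v probe described above for each entry. Run it on the target host; the function names and the parsing rule (split on commas, first word is the command) are assumptions.

```shell
#!/bin/sh
# Added example: validate a mid.ssh.privileged_commands value before use.
# Assumption: entries are split on commas and the first word of each entry
# is the privileged command name. Function names are hypothetical.

# Print one base command name per entry (first word, whitespace trimmed).
base_commands() {
    printf '%s\n' "$1" | tr ',' '\n' | awk 'NF { print $1 }'
}

# Fail if a base command appears more than once, for example
# "pbrun -u admin, pbrun -u system" (one configuration per command).
check_unique() {
    dups=$(base_commands "$1" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "duplicate privileged command(s): $dups" >&2
        return 1
    fi
    return 0
}

# Run the existence probe the page describes (command -v) for each base
# command on this host; report the missing ones and fail if any is missing.
probe_commands() {
    missing=0
    while read -r cmd; do
        [ -n "$cmd" ] || continue
        if ! command -v "$cmd" >/dev/null 2>&1; then
            echo "not found on this host: $cmd" >&2
            missing=1
        fi
    done <<EOF
$(base_commands "$1")
EOF
    return "$missing"
}

# Validate a value end to end: uniqueness first, then existence.
# Usage: validate_value "pbrun -u admin, dzdo"
validate_value() {
    check_unique "$1" && probe_commands "$1"
}
```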