From 9a404d34bd58d20235a0af4fb63b2686d90659e8 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Fri, 30 Mar 2012 12:59:35 -0400
Subject: [PATCH] Add entry for AIX enhanced RBAC config.

--HG--
branch : 1.7
---
 TROUBLESHOOTING | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/TROUBLESHOOTING b/TROUBLESHOOTING
index a4c440e3a..05accb6a2 100644
--- a/TROUBLESHOOTING
+++ b/TROUBLESHOOTING
@@ -223,6 +223,17 @@ A) ssh does not allocate a tty by default when running a remote command.
    Alternately, if you do not mind your password being echoed to the
    screen, you can use the "visiblepw" sudoers option to allow this.
 
+Q) When I run sudo on AIX I get the following error:
+    sudo: unable to change to sudoers gid: Operation not permitted.
+A) AIX's Enhanced RBAC is preventing sudo from running.  To fix
+   this, add the following entry to /etc/security/privcmds (adjust
+   the path to sudo as needed) and run the setkst command as root:
+
+    /usr/local/bin/sudo:
+	    accessauths = ALLOW_ALL
+	    innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC
+	    secflags = FSF_EPS
+
 Q) How do you pronounce `sudo'?
 A) The official pronunciation is soo-doo (for su "do").  However, an
    alternate pronunciation, a homophone of "pseudo", is also common.
-- 
2.40.0