How to create a sudo rule with device segregation

Prev Next

This document guides you on how to create a sudo control rule in EPM macOS with device-type segregation, allowing you to apply specific rules only to selected machines.

Access path

  1. In Segura, on the navigation bar, hover over the product menu and select EPM.
  2. In the side menu, select Policies > macOS > Sudo rules.
  3. Click Add to start creating a new rule.

Segregation screen

  1. On the Segregation screen, select the Device option.

This option allows applying the rule only to specific devices with the EPM agent active.

  1. Click Continue.

Sudo rules tab

  1. Fill in the following fields:
  • Identification Name*: define a representative name for the rule.
  • Enabled*: select Yes to activate immediately.
  • Commands for rule application (must be used the full path)*: enter the full path of the command to be controlled.
  • It should be NOPASSWD?*: select Yes if you want to allow execution without a password prompt.
  • Description: enter additional notes about the rule.
  1. Click Continue to proceed to the next step.

Devices tab

  1. Click the Add button.
  2. In the displayed window, select the desired devices.
  3. Use the search field to locate devices by name, IP, domain, or operating system.
  4. Click Add in the bottom corner of the window.

The selected devices will be listed in the table.

  1. Click Continue to proceed.

Review tab

  1. Review all the information entered.
  2. If everything is correct, click Save to complete the rule registration.