This document explains how to create a sudo control rule in EPM macOS with user segregation, so that specific execution rules apply only to selected accounts.
Access path
- In Segura, on the navigation bar, hover over the products menu and select EPM.
- In the side menu, select Policies > macOS > Sudo rules.
- Click Add to start creating a new rule.
Segregation screen
- On the Segregation screen, select the User option.
This option applies the rule only to specific accounts that have the EPM agent active.
- Click Continue.
Sudo rules tab
- Fill in the following fields:
  - Identification Name*: define a representative name for the rule.
  - Enabled*: select Yes to activate the rule immediately.
  - Commands for rule application (must be used the full path)*: enter the full path of the command to be controlled.
  - It should be NOPASSWD?*: select Yes if you want to allow execution without a password prompt.
  - Description: enter additional notes about the rule.
- Click Continue to proceed to the next step.
Users tab
- On the Users tab, the list of registered accounts will be displayed.
- Click Add.
- In the displayed window, check the desired users.
- Use the search field to locate users by name or domain.
- Click Add to confirm.
- The selected users will be listed in the table.
- Click Continue to proceed to the next step.
Review tab
- Review all the information entered.
- If everything is correct, click Save to complete the rule registration.
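Before saving, it is worth vetting the path entered in "Commands for rule application" on a target Mac, especially when NOPASSWD is set to Yes. The script below is an added example, not part of Segura EPM or its documentation; the function name `check_sudo_cmd`, its optional owner-UID argument, the symlink policy and the sample path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Segura code: vet a path before listing it in a sudo rule.
# check_sudo_cmd PATH [OWNER_UID]  (OWNER_UID is a hypothetical test hook, default 0 = root)
# Prints OK or a REJECT reason; returns 0 only when every check passes.
check_sudo_cmd() {
    cmd=$1
    owner=${2:-0}

    # The rule field requires the full path, so relative names are refused.
    case $cmd in
        /*) ;;
        *) echo "REJECT: not a full path"; return 1 ;;
    esac

    # Assumed policy: refuse symlinks, since a link can be repointed later.
    if [ -L "$cmd" ]; then
        echo "REJECT: symlink, enter the real target instead"; return 1
    fi
    if [ ! -f "$cmd" ] || [ ! -x "$cmd" ]; then
        echo "REJECT: not an executable regular file"; return 1
    fi

    # The file and its directory must be owned by the expected UID and must
    # not be group- or world-writable; otherwise a selected user could swap
    # the binary that the rule lets them run through sudo.
    for p in "$cmd" "$(dirname "$cmd")"; do
        # -H resolves a symlinked directory; -prune tests only the entry itself.
        if [ -z "$(find -H "$p" -prune -user "$owner")" ]; then
            echo "REJECT: $p is not owned by uid $owner"; return 1
        fi
        if [ -n "$(find -H "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "REJECT: $p is group- or world-writable"; return 1
        fi
    done
    echo "OK"
}

# Sample call (path chosen for illustration): check_sudo_cmd /usr/sbin/softwareupdate
```

A REJECT result means the path should be corrected, or the file's ownership and permissions fixed, before the rule is saved.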