How to create a sudo rule with user segregation

This document explains how to create a sudo control rule in EPM macOS with user segregation, so that specific execution rules apply only to selected accounts.

Access path

  1. In Segura, on the navigation bar, hover over the products menu and select EPM.
  2. In the side menu, select Policies > macOS > Sudo rules.
  3. Click Add to start creating a new rule.

Segregation screen

  1. On the Segregation screen, select the User option.

     This option applies the rule only to specific accounts with the EPM agent active.

  2. Click Continue.

Sudo rules tab

  1. Fill in the following fields:
     • Identification Name*: define a representative name for the rule.
     • Enabled*: select Yes to activate the rule immediately.
     • Commands for rule application (must be used the full path)*: enter the full path of the command to be controlled.
     • It should be NOPASSWD?*: select Yes if you want to allow execution without a password prompt.
     • Description: enter additional notes about the rule.
  2. Click Continue to proceed to the next step.

Users tab

  1. On the Users tab, the list of registered accounts will be displayed.
  2. Click Add.
  3. In the displayed window, check the desired users.
  4. Use the search field to locate users by name or domain.
  5. Click Add to confirm.
  6. The selected users will be listed in the table.
  7. Click Continue to proceed to the next step.

Review tab

  1. Review all the information entered.
  2. If everything is correct, click Save to complete the rule registration.
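
A pre-check for the value entered in the Commands for rule application field, most useful when It should be NOPASSWD? is set to Yes: it confirms that the path is a full path and that no non-root account can replace the binary or any directory above it. This is an added example, not Segura code; the function name `check_sudo_cmd` and its return codes are assumptions of the example.

```sh
#!/bin/sh
# Added example, not Segura code. check_sudo_cmd is a hypothetical helper.
# Return codes (chosen for this example):
#   0 ok   1 not a full path   2 missing, not a regular file, or a symlink
#   3 the file or a parent directory is not root-owned, or is group/other-writable
check_sudo_cmd() {
    cmd=$1
    case $cmd in
        /*) ;;
        *) echo "REJECT: not a full path: $cmd" >&2; return 1 ;;
    esac
    if [ ! -f "$cmd" ]; then
        echo "REJECT: not an existing regular file: $cmd" >&2; return 2
    fi
    if [ -L "$cmd" ]; then
        # Conservative choice: the rule should name the real file, not a link.
        echo "REJECT: symbolic link, use its resolved target: $cmd" >&2; return 2
    fi
    # Physical parent directory, with any symlinked components resolved.
    dir=$(cd -P -- "$(dirname -- "$cmd")" && pwd -P) || return 2
    [ "$dir" = / ] && dir=
    p=$dir/$(basename -- "$cmd")
    # Walk from the file up to /; whoever can write a component can swap the binary.
    while :; do
        bad=$(find "$p" -prune \( ! -user root -o -perm -020 -o -perm -002 \) -print 2>/dev/null)
        if [ -n "$bad" ]; then
            echo "REJECT: not root-owned or group/other-writable: $p" >&2; return 3
        fi
        [ "$p" = / ] && break
        p=$(dirname -- "$p")
    done
    echo "OK: $cmd"
}

# Usage: sh check_sudo_cmd.sh /full/path/to/command
if [ "$#" -gt 0 ]; then check_sudo_cmd "$1"; fi
```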