[389-users] /etc/sudoers VS sudo-objects in directory server
Morris, Patrick
patrick.morris at hp.com
Fri Jan 8 17:04:03 UTC 2010
Anne Cross wrote:
>> Hi Anne!
>>
>> On Thu, 31 Dec 2009, Anne Cross wrote:
>>
>>
>>> As I understood it, you could only use entries in /etc/group as opposed to using LDAP groups (which is what we're after.) Our goal was to not need to manage locally stored files - we might as well manage /etc/sudoers as /etc/group in that instance.
>>>
>>>
>> You understood incorrectly. You can use LDAP groups.
>>
>
> Oh wow. You just made my day. Could I ask for an example of how you're defining it inside of a sudoers object? I'd *really* appreciate it. The last time I went digging through the documentation, I couldn't find any examples, and now "assume" is making an idiot out of me.
>
You don't need to do anything special. Assuming your system is
configured to look in LDAP for groups, you just specify them be
preceding them with an @, just like local groups.
More information about the Fedora-directory-users
mailing list