[Freeipa-users] Sudo options
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Wed Jan 18 21:24:24 UTC 2012
On 01/18/2012 11:50 AM, JR Aquino wrote:
> On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:
>
>> I can't really figure out what the proper syntax is for the sudo rules
>> in IPA. I have a number of options that I would like included by
>> default, I have put them in place, from ipa sudorule-show:
>>
>> Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
>> mail_no_host, mail_no_perms, syslog = local2
>
> It looks to be getting confused by the whitespace.
>
> Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to:
> env_keep="LESSSECURE"
> syslog=local2
>
> Let me know if that helps.
>
> Also, can you post a compare against:
>
> ipa sudorule-show defaults
>
> vs
>
> <a host you want to run sudo on> $ sudo -l
>
>
>>
>> This doesn't appear to work, when sudo is run:
>>
>> sudo: unknown defaults entry `env_keep '
>> sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms,
>> syslog '
>>
>> One thing that jumps out at me is that the '= whatever' portion is not
>> being maintained.
>>
>> The directions in the IDM guide are less than clear, simply referencing
>> the sudoers page for options. These are all valid sudo options, this is
>> basically a straight port over from a sudoers file.
>>
>> So anyone have any experience doing this bit?
>>
>> -Erinn
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
It looks like this was actually ttwo problems, one the quoting, and the
second that via the web ui, I had put multiple options on a single line
separated by a comma, so initially one rule was:
mail_badpass, mail_no_host, mail_no_perms, syslog = local2
After fixing the spacing issue, as well as putting each into it's own
statement everything worked just fine.
There should probably either be better documentation, or better
validation of input for those options, or ideally both :). I reckon I
will open a bug up.
Thanks for the help,
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120118/1c2c7d17/attachment.sig>
More information about the Freeipa-users
mailing list