[Freeipa-users] Sudo options
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Wed Jan 18 21:29:08 UTC 2012
On 01/18/2012 11:50 AM, JR Aquino wrote:
> On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:
>
>> I can't really figure out what the proper syntax is for the sudo rules
>> in IPA. I have a number of options that I would like included by
>> default, I have put them in place, from ipa sudorule-show:
>>
>> Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
>> mail_no_host, mail_no_perms, syslog = local2
>
> It looks to be getting confused by the whitespace.
>
> Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to:
> env_keep="LESSSECURE"
> syslog=local2
>
> Let me know if that helps.
>
> Also, can you post a compare against:
>
> ipa sudorule-show defaults
>
> vs
>
> <a host you want to run sudo on> $ sudo -l
>
>
>>
>> This doesn't appear to work, when sudo is run:
>>
>> sudo: unknown defaults entry `env_keep '
>> sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms,
>> syslog '
>>
>> One thing that jumps out at me is that the '= whatever' portion is not
>> being maintained.
>>
>> The directions in the IDM guide are less than clear, simply referencing
>> the sudoers page for options. These are all valid sudo options, this is
>> basically a straight port over from a sudoers file.
>>
>> So anyone have any experience doing this bit?
>>
>> -Erinn
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
Sorry missed the second part.
From sudo -l:
requiretty, env_reset, env_keep="COLORS DISPLAY EDITOR HOSTNAME HISTSIZE
INPUTRC KDEDIR LESSSECURE LS_COLORS MAIL PATH PS1 PS2 QTDIR USERNAME
LANG
LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
LC_MESSAGES
LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL
LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", mail_badpass, mail_no_host,
mail_no_perms, syslog=local2
from sudorule-show:
Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
mail_no_host, mail_no_perms, syslog = local2
-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120118/54e2ba1f/attachment.sig>
More information about the Freeipa-users
mailing list