[Freeipa-users] Sudo options

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Wed Jan 18 21:29:08 UTC 2012


On 01/18/2012 11:50 AM, JR Aquino wrote:
> On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:
> 
>> I can't really figure out what the proper syntax is for the sudo rules
>> in IPA. I have a number of options that I would like included by
>> default, I have put them in place, from ipa sudorule-show:
>>
>> Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
>> mail_no_host, mail_no_perms, syslog = local2
> 
> It looks to be getting confused by the whitespace.
> 
> Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to: 
> env_keep="LESSSECURE"
> syslog=local2
> 
> Let me know if that helps.
> 
> Also, can you post a compare against:
> 
> ipa sudorule-show defaults
> 
> vs
> 
> <a host you want to run sudo on> $ sudo -l
> 
> 
>>
>> This doesn't appear to work, when sudo is run:
>>
>> sudo: unknown defaults entry `env_keep '
>> sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms,
>> syslog '
>>
>> One thing that jumps out at me is that the '= whatever' portion is not
>> being maintained.
>>
>> The directions in the IDM guide are less than clear, simply referencing
>> the sudoers page for options. These are all valid sudo options, this is
>> basically a straight port over from a sudoers file.
>>
>> So anyone have any experience doing this bit?
>>
>> -Erinn
>>
> 

Sorry missed the second part.

From sudo -l:

    requiretty, env_reset, env_keep="COLORS DISPLAY EDITOR HOSTNAME HISTSIZE
    INPUTRC KDEDIR LESSSECURE LS_COLORS MAIL PATH PS1 PS2 QTDIR USERNAME LANG
    LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES
    LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL
    LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", mail_badpass, mail_no_host,
    mail_no_perms, syslog=local2

from sudorule-show:

Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
mail_no_host, mail_no_perms, syslog = local2

-Erinn
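
Added example, not part of the original thread: a small Python helper that takes a sudoers-style Defaults option list like the one shown by sudorule-show above, splits it on commas outside quotes, removes the whitespace around "=" as suggested in the reply, and prints one `ipa sudorule-add-option` command per option. It assumes each option is stored as its own sudoOption value (as in sudo's LDAP schema) and that the rule is named `defaults` as in the thread; the function names and the sample string are constructed for illustration.

```python
import shlex

# Constructed sample: the option list from the thread, joined onto one line.
SAMPLE = ('env_keep = "LESSSECURE", env_reset, mail_badpass, '
          'mail_no_host, mail_no_perms, syslog = local2')


def split_defaults(line):
    """Split an option list on commas that are outside double quotes."""
    parts, buf, in_quotes = [], [], False
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ',' and not in_quotes:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return [p.strip() for p in parts if p.strip()]


def normalize(option):
    """Remove whitespace around =, += or -= ('syslog = local2' -> 'syslog=local2')."""
    idx = option.find('=')
    if idx < 0:
        return option  # boolean flag such as env_reset or !requiretty
    # Keep a leading + or - as part of the operator.
    start = idx - 1 if idx > 0 and option[idx - 1] in '+-' else idx
    return option[:start].strip() + option[start:idx + 1] + option[idx + 1:].strip()


def per_value_options(line):
    """One normalized option per list element (assumption: one per sudoOption value)."""
    return [normalize(o) for o in split_defaults(line)]


def ipa_commands(line, rule='defaults'):
    """Build one shell-quoted 'ipa sudorule-add-option' command per option."""
    return ['ipa sudorule-add-option {} --sudooption={}'.format(
                shlex.quote(rule), shlex.quote(opt))
            for opt in per_value_options(line)]


if __name__ == '__main__':
    for cmd in ipa_commands(SAMPLE):
        print(cmd)
```

The printed commands are for review before running them on an IPA client with an admin ticket; nothing in the script contacts the server.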
