[Freeipa-users] Sudo options

JR Aquino JR.Aquino at citrix.com
Wed Jan 18 21:37:58 UTC 2012


On Jan 18, 2012, at 1:24 PM, Erinn Looney-Triggs wrote:

On 01/18/2012 11:50 AM, JR Aquino wrote:
On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:

I can't really figure out what the proper syntax is for the sudo rules
in IPA. I have a number of options that I would like included by
default, I have put them in place, from ipa sudorule-show:

Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
mail_no_host, mail_no_perms, syslog = local2

It looks to be getting confused by the whitespace.

Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to:
env_keep="LESSSECURE"
syslog=local2

Let me know if that helps.

Also, can you post a compare against:

ipa sudorule-show defaults

vs

<a host you want to run sudo on> $ sudo -l



This doesn't appear to work, when sudo is run:

sudo: unknown defaults entry `env_keep '
sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms,
syslog '

One thing that jumps out at me is that the '= whatever' portion is not
being maintained.

The directions in the IDM guide are less than clear, simply referencing
the sudoers page for options. These are all valid sudo options, this is
basically a straight port over from a sudoers file.

So anyone have any experience doing this bit?

-Erinn



It looks like this was actually two problems, one the quoting, and the
second that via the web ui, I had put multiple options on a single line
separated by a comma, so initially one rule was:
mail_badpass, mail_no_host, mail_no_perms, syslog = local2

After fixing the spacing issue, as well as putting each into its own
statement everything worked just fine.

There should probably either be better documentation, or better
validation of input for those options, or ideally both :). I reckon I
will open a bug up.


Thanks! I agree with you. Might even help to do some level of input validation as well.

Thanks again!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH, GWAPT | Sr. Information Security Specialist
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com<mailto:jr.aquino at citrixonline.com>
http://www.citrixonline.com







Thanks for the help,

-Erinn
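The input validation both posters ask for, sketched as an added example (not code from this thread or from FreeIPA). It assumes, as the thread found, that each stored sudo option value must hold exactly one option with no whitespace around its operator; all function names are hypothetical.

```python
import re

# Assignment operators sudoers accepts in a Defaults entry: =, += or -=
_OPERATOR = re.compile(r"\s*([+-]?=)\s*")


def split_unquoted(text, sep=","):
    """Split on sep, ignoring separators inside double-quoted values."""
    parts, buf, in_quotes = [], [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if in_quotes:
        raise ValueError("unbalanced double quote in %r" % text)
    parts.append("".join(buf))
    return parts


def normalize_option(option):
    """Return one option with no whitespace around its operator."""
    option = option.strip()
    # count=1: only the first operator is touched, a quoted value is kept as is
    option = _OPERATOR.sub(r"\1", option, count=1)
    name = re.split(r"[+-]?=", option, maxsplit=1)[0]
    if not name or re.search(r"\s", name):
        raise ValueError("not a single option: %r" % option)
    return option


def split_sudo_options(line):
    """Turn a comma-separated sudoers option list into one value per option."""
    return [normalize_option(part) for part in split_unquoted(line)]


def problems(value):
    """List what is wrong with a single value as it would be stored."""
    found = []
    parts = split_unquoted(value)
    if len(parts) > 1:
        found.append("several options in one value")
    if any(normalize_option(p) != p.strip() for p in parts):
        found.append("whitespace around operator")
    return found


# Constructed sample: the option list quoted in the thread
SAMPLE = ('env_keep = "LESSSECURE", env_reset, mail_badpass, '
          'mail_no_host, mail_no_perms, syslog = local2')
```

Each string returned by `split_sudo_options(SAMPLE)` is one value to add to the rule separately; `problems()` reports why a value as originally entered would be rejected by sudo.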

