[Freeipa-users] another sudo su question

Steven Jones Steven.Jones at vuw.ac.nz
Tue Jul 17 22:09:20 UTC 2012


This is exactly my sort of thing as well.

We seem to be in the freeipa group yet ppl are telling me to use pam.d...no one has really said you cannot do this in IPA, or you can and this is how......

:/

The very idea of using IPA is to stop having to do such local configuration....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of KodaK [sakodak at gmail.com]
Sent: Wednesday, 18 July 2012 3:50 a.m.
To: freeipa-users at redhat.com
Subject: [Freeipa-users] another sudo su question

I've been banging my head on this for a couple of days, and I can't
find anything in the docs or by searching.

I'm trying to do what I think should be pretty simple:  I have a group
of users and an application account, all in IPA.  I want users in that
group to be able to "sudo su - appacct".

What I've found is that I probably can't do it exactly like that, so
now I'm trying "sudo -i appacct", but I can't get that to work either.

My rule is set up like this:

rule name:  become-appacct
sudo option:  -i appacct       (I'm not sure this is right.)
user groups:  admins, appgroup
host groups:  apphostgroup

Everything else is blank.  Note that this is just the current
configuration; I've tried a bunch of iterations.

Any help?

Thanks,

--Jason

--
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
