[Freeipa-users] Sudo Commands and groups confusion

Sina Owolabi shinacalypse at gmail.com
Tue Jun 11 23:56:13 UTC 2013


Hi
Please help me understand what I am doing wrong:

I'm using two RHEL 6.4 IPA servers in a multi-master configuration.
Instead of creating multiple sudocmdgroups and sudo rules, I tried to
subset what I could see in the /etc/sudoers files and have nested command
groups and rules, to be applied to certain users and hostgroups as needed.
I have a hostgroup called allservers, which applies to all servers.

The allservers hostgroup is a member of sudo rule admin-commands, which I
created for specific users to be able to run admin commands on all servers.
I have added as members multiple sudogroups, each of which has a number
of commands inside of it. Despite this, I find that sudo does not allow
me to run any command as the users added to the admin-command rule. Please
help me see where my logic is broken, and what to do to fix it. Thanks a lot
in advance.
My sudo-ldap.conf is correctly configured, and so is nsswitch.conf.

Output is below:

sudo service httpd status
[sudo] password for tuser:
tuser is not allowed to run sudo on waphost.  This incident will be reported.

ipa sudorule-find admin-commands
-------------------
1 Sudo Rule matched
-------------------
  Rule name: admin-commands
  Enabled: TRUE
  Users: tuser
  Host Groups: allservers
  Sudo Allow Command Groups: locate, networking, rooting, services, software, storage
  Sudo Option: !authenticate
----------------------------
Number of entries returned 1
----------------------------



-- 
best regards,

Sina Owolabi
+2348034022578
+2348176469061