[Freeipa-users] Sudo rule processing order

Fred van Zwieten fvzwieten at vxcompany.com
Fri Jan 10 10:52:16 UTC 2014


Hi,

I have a sudo rule in IPA that has the !authenticate option added to enable
admins to execute certain programs as root without authentication.

It doesn't work. There is another rule for the admins that allows all
commands as long as they give their password.

In a sudoers file, you can solve this by specifying the nopasswd rule
last.

sudo -l from an IPA-client gives me this:

*******@svr001 ~]$ sudo -l
Matching Defaults entries for ******* on this host:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS
    DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1
    PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
    LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
    LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
    LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User ******** may run the following commands on this host:
    (root) NOPASSWD: ALL
    (root) /bin/cat, /bin/egrep, /bin/find, /bin/grep, /bin/ls, /bin/more,
    /usr/bin/less, !/bin/su
    (root) NOPASSWD: /usr/bin/cobbler
    (root) !/bin/su

I want the cobbler command to run without password authentication. What am
I doing wrong?