[Freeipa-users] sudo and NIS domain name
Dean Hunter
deanhunter at comcast.net
Thu May 1 20:53:04 UTC 2014
On Thu, 2014-05-01 at 16:32 -0400, Dmitri Pal wrote:
> On 05/01/2014 04:07 PM, Dean Hunter wrote:
>
> >
> > I just noticed that I had been incorrectly setting the NIS domain
> > name since upgrading to Fedora 20 and FreeIPA 3.3.4, yet I appear to
> > be successfully retrieving and using sudo rules from FreeIPA. Is
> > sudo still using NIS-style netgroups? Is there still a requirement
> > to set the NIS domain name?
>
>
> I think NIS domain is needed for netgroups. If you are not using
> netgroups in the sudo rules but just user groups you should be fine.
> Is this the case with you?
> If not please provide the logs and config.
>
I am not aware of using netgroups, either the IPA object or any other
kind. I just remember that when I was first configuring sudo to
retrieve rules from IPA it would not work until I set nisdomainname
in /etc/rc.d/rc.local. Here is the quote from section 14.4 of the
manual:

    Even though sudo uses NIS-style netgroups, it is not necessary
    to have a NIS server installed. Netgroups require that a NIS
    domain be named in their configuration, so sudo requires that a
    NIS domain be named for netgroups. However, that NIS domain does
    not actually need to exist.

With Fedora 20 I can no longer find the emulation of rc.local that
existed in Fedora 19. I did find fedora-domainname.service and started
and enabled it but neglected to configure /etc/sysconfig/network. Yet
IPA sudo rules appear to work.
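
The distinction raised in the quoted reply (the NIS domain name matters only when sudo rules reference netgroups) can be checked against an LDIF export of the sudo rules, since sudoers.ldap marks a netgroup with a leading `+`. This is an added example, not part of the original message; the sample LDIF, its DNs and the function name `netgroup_refs` are constructed for illustration.

```python
import re

# Constructed sample data: two sudoRole entries, one using a host netgroup.
SAMPLE_LDIF = """\
dn: cn=admins-all,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
cn: admins-all
sudoUser: %admins
sudoHost: ALL
sudoCommand: ALL

dn: cn=web-restart,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
cn: web-restart
sudoUser: alice
sudoHost: +webservers
sudoCommand: /usr/bin/systemctl restart httpd
"""

# Attributes in which sudoers.ldap accepts a "+netgroup" value.
NETGROUP_ATTRS = {"sudouser", "sudohost", "sudorunasuser"}


def netgroup_refs(ldif_text):
    """Map each rule's cn to the netgroup references found in it."""
    found = {}
    for entry in re.split(r"\n\s*\n", ldif_text.strip()):
        cn, refs = None, []
        for line in entry.splitlines():
            if line.startswith((" ", "#")):
                continue  # folded continuation lines and comments are skipped
            attr, sep, value = line.partition(":")
            if not sep or value.startswith(":"):
                continue  # not an attribute line, or a base64 value (not decoded)
            value = value.strip()
            if attr.lower() == "cn":
                cn = value
            elif attr.lower() in NETGROUP_ATTRS and value.lstrip("!").startswith("+"):
                refs.append(f"{attr}: {value}")  # "!" is sudo's negation prefix
        if refs:
            found[cn or "(no cn)"] = sorted(refs)
    return found


if __name__ == "__main__":
    hits = netgroup_refs(SAMPLE_LDIF)
    for rule, refs in hits.items():
        print(f"{rule}: {', '.join(refs)}")
    print("rules referencing netgroups:", len(hits))
```

An empty result means no exported rule references a netgroup, which is the case the quoted reply describes as fine without a NIS domain name.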