[Freeipa-users] sudorules - allow all and exclude some
Szymon Jazy
szymon.jazy at gmail.com
Wed May 7 08:31:12 UTC 2014
Hello,
Is there a proper way in sudo rules to allow any command and exclude only
some groups?
Something like:
%test_group ALL= (ALL) ALL, !SU, !SHELLS
If I try to do this (gui/cli) I get an error:
ipa: ERROR: commands cannot be added when command category='all'
Non proper way (bug ?) is to first add deny groups and after that add allow
all :)
It should be fixed in this, but it seems to still work
(freeipa-server-3.3.4-3)
https://fedorahosted.org/freeipa/ticket/1440
Thanks
Szymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140507/5cd513d2/attachment.htm>
More information about the Freeipa-users
mailing list