[Freeipa-users] sudorules - allow all and exclude some

Jakub Hrozek jhrozek at redhat.com
Wed May 7 09:17:54 UTC 2014


On Wed, May 07, 2014 at 10:31:12AM +0200, Szymon Jazy wrote:
> Hello,
> Is there a proper way in sudo rules to allow any command and exclude only
> some groups?
> Something like:
> %test_group ALL=    (ALL)       ALL, !SU, !SHELLS
> If I try to do this (gui/cli) I get an error:
> ipa: ERROR: commands cannot be added when command category='all'
> 
> A non-proper way (bug?) is to first add deny groups and after that add allow
> all :)
> It should be fixed in this, but it seems to still work
> (freeipa-server-3.3.4-3)
> https://fedorahosted.org/freeipa/ticket/1440
> 
> Thanks
> Szymon

Hi Szymon,

freeipa-users might be a good place to ask this question. As you
noticed, plain sudo does support this functionality, but I'm not
completely sure about IPA's UI. The IPA developers would know, I'm sure.



