[Freeipa-users] How to use sudo rules on ubuntu
Lukas Slebodnik
lslebodn at redhat.com
Mon Sep 1 16:05:39 UTC 2014
On (01/09/14 17:52), Tevfik Ceydeliler wrote:
>
>1. I think I configure instead of this document
Sorry, you didn't.
>2. I can login with ordinary user
login and sudo are not the same thing.
My FreeIPA server is already properly configured with sudo rules.
I tried to install freeipa-client on ubuntu 14.04 and it worked without any
problem.
>>Step 0: Install freeipa-client on ubuntu 14.04 and configure sudo integration
root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam, sudo
>>Step 1: configure sudo rules for ordinary user
>> Please follow the instructions from FreeIPA documentation.
>> http://www.freeipa.org/docs/master/html-desktop/index.html#sudo
>>
This step was skipped, because it was already done a few months ago :-)
>>Step 2: login to machine as ordinary user, which is allowed to use sudo.
$ su usersssd01
Password:
$ id
uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1)
>>Step 3: run command
>> sudo -l
>> // this command should show you which commands can be executed as root
>> // with sudo
$ sudo -l
sudo: unable to resolve host ubuntu1404.example.test
[sudo] password for usersssd01:
Matching Defaults entries for usersssd01 on ubuntu1404:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User usersssd01 may run the following commands on ubuntu1404:
(root) /usr/bin/less, /usr/bin/vim
>>Step 4: If there weren't any problems then user will be able to run command.
>> sudo some_command_listed_in_step3
$ sudo /usr/bin/less /etc/shadow | wc -l
21
$ echo $?
0
$ sudo apt-get install mc
Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test.
$ echo $?
1
LS
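
Added example, not part of the original message: the two Step 0 edits (the sudoers line in nsswitch.conf and the sudo service in sssd.conf) written so they can be re-run without duplicating entries. The function names and the sample file contents are constructed for illustration, and GNU sed is assumed, as in the message above.

```shell
#!/bin/sh
# Added example: re-runnable version of the Step 0 edits (GNU sed, as on Ubuntu).
# Files are passed as arguments, so the demo below works on constructed copies.

# True if the nsswitch file has a "sudoers:" line that lists sss.
sudoers_uses_sss() {
    grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?sss([[:space:]]|$)' "$1"
}

# True if the sssd.conf "services" line already lists sudo.
sssd_has_sudo_service() {
    grep -Eq '^[[:space:]]*services[[:space:]]*=(.*[,[:space:]])?sudo([,[:space:]]|$)' "$1"
}

# Add sss to the sudoers database only when it is missing.
ensure_sudoers_sss() {
    sudoers_uses_sss "$1" && return 0
    if grep -Eq '^[[:space:]]*sudoers:' "$1"; then
        sed -i -e 's/^\([[:space:]]*sudoers:.*\)$/\1 sss/' "$1"
    else
        echo "sudoers: files sss" >> "$1"
    fi
}

# Append ", sudo" to the services line only when it is missing.
ensure_sssd_sudo_service() {
    sssd_has_sudo_service "$1" && return 0
    sed -i -e 's/^\([[:space:]]*services[[:space:]]*=.*\)$/\1, sudo/' "$1"
}

# Demo on constructed sample files; run twice to show nothing is duplicated.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: compat sss\ngroup: compat sss\n' > "$d/nsswitch.conf"
    printf '[sssd]\nservices = nss, pam\ndomains = example.test\n' > "$d/sssd.conf"
    for pass in 1 2; do
        ensure_sudoers_sss "$d/nsswitch.conf"
        ensure_sssd_sudo_service "$d/sssd.conf"
    done
    grep -c '^sudoers:' "$d/nsswitch.conf"   # count of sudoers lines
    grep '^services' "$d/sssd.conf"
    rm -rf "$d"
}
demo
```

On a real client the functions would be called with /etc/nsswitch.conf and /etc/sssd/sssd.conf as root, and sssd restarted afterwards so it picks up the new service.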