[Freeipa-users] sudo setup in Ubuntu

Sanju A sanju.a at tcs.com
Thu Sep 18 05:02:31 UTC 2014


Dear All,

I have tried with the settings as mentioned here. But still the issue 
persists.




Regards
Sanju Abraham
IS - Network/System Administrator
Tata Consultancy Services
TCS Centre SEZ Unit,
Infopark PO,
Kochi - 682042,Kerala
India
Ph:-   +91 484 6187490
Mailto: sanju.a at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Consulting
____________________________________________



From:   Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr>
To:     <freeipa-users at redhat.com>
Date:   17-09-2014 19:46
Subject:        Re: [Freeipa-users] sudo setup in Ubuntu
Sent by:        freeipa-users-bounces at redhat.com



Thanks to Lukas:
Step 0: Install freeipa-client on ubuntu 14.04 and configure sudo integration

root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf

root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam, sudo


Step 1: configure sudo rules for ordinary user
    Please follow the instructions from FreeIPA documentation.
    http://www.freeipa.org/docs/master/html-desktop/index.html#sudo


  This step was skipped, because it was already done a few months ago


Step 2: login to machine as ordinary user, which is allowed to use sudo.

$ su usersssd01
Password:
$ id
uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1)


Step 3: run command
    sudo -l
    // this command should show you which commands can be executed as root
    // with sudo

$ sudo -l
sudo: unable to resolve host ubuntu1404.example.test
[sudo] password for usersssd01:
Matching Defaults entries for usersssd01 on ubuntu1404:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User usersssd01 may run the following commands on ubuntu1404:
    (root) /usr/bin/less, /usr/bin/vim


Step 4: If there weren't any problems then user will be able to run 
command.
    sudo some_command_listed_in_step3

$ sudo /usr/bin/less /etc/shadow | wc -l
21
$ echo $?
0

$ sudo apt-get install mc
Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test.
$ echo $?
1

On 17-09-2014 16:54, Sanju A wrote:
Dear All, 

I am able to configure the sudo settings in CentOS clients by 
adding/modifying the entries in /etc/nsswitch.conf and 
/etc/sudo-ldap.conf. What are the exact steps for the configuration in 
Ubuntu, as I am not able to find the configuration file sudo-ldap.conf in 
Ubuntu?


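The Step 0 edits from the thread, written so they are safe to re-run and can be checked afterwards. This is an added example, not part of the original messages; the function names are hypothetical, and the file paths are passed as arguments so the script can be tried on copies (the sample files below are constructed).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# File paths are arguments so the edits can be tried on copies before /etc.

# True if nsswitch.conf already has a "sudoers:" line that lists sss.
has_sss_sudoers() {
    grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?sss([[:space:]]|$)' "$1"
}

# True if the services line of the [sssd] section already lists sudo.
has_sudo_service() {
    sed -n '/^\[sssd\]/,/^\[/ s/^[[:space:]]*services[[:space:]]*=//p' "$1" |
        tr ',' '\n' | tr -d ' \t' | grep -qx 'sudo'
}

# Apply both Step 0 edits only where they are still missing.
enable_sss_sudo() {
    nss=$1; sssd=$2
    if ! has_sss_sudoers "$nss"; then
        if grep -Eq '^[[:space:]]*sudoers:' "$nss"; then
            # A sudoers line exists without sss: extend it, do not add a second.
            sed -i -e 's/^\([[:space:]]*sudoers:.*\)$/\1 sss/' "$nss"
        else
            echo "sudoers: files sss" >> "$nss"
        fi
    fi
    if ! has_sudo_service "$sssd"; then
        # Restrict the edit to the [sssd] section and to a real key line,
        # so comments and other sections containing "services" are untouched.
        sed -i -e '/^\[sssd\]/,/^\[/ s/^\([[:space:]]*services[[:space:]]*=.*\)$/\1, sudo/' "$sssd"
    fi
}

# Constructed sample files; nothing under /etc is read or written here.
demo=$(mktemp -d)
printf 'passwd: compat sss\ngroup: compat sss\n' > "$demo/nsswitch.conf"
printf '[sssd]\nservices = nss, pam\ndomains = example.test\n' > "$demo/sssd.conf"
enable_sss_sudo "$demo/nsswitch.conf" "$demo/sssd.conf"
enable_sss_sudo "$demo/nsswitch.conf" "$demo/sssd.conf"   # second run changes nothing
cat "$demo/nsswitch.conf" "$demo/sssd.conf"
rm -rf "$demo"
```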