[Freeipa-users] sudo setup in Ubuntu

Tevfik Ceydeliler tevfik.ceydeliler at astron.yasar.com.tr
Thu Sep 18 05:08:29 UTC 2014


Hi,
Did you add this user to the sudo rule/users?

On 18-09-2014 08:02, Sanju A wrote:
> Dear All,
>
> I have tried with the settings as mentioned here. But still the issue 
> persists.
>
>
>
>
> Regards
> Sanju Abraham
> IS - Network/System Administrator
> Tata Consultancy Services
> TCS Centre SEZ Unit,
> Infopark PO,
> Kochi - 682042,Kerala
> India
> Ph:-   +91 484 6187490
> Mailto: sanju.a at tcs.com
> Website: http://www.tcs.com
>
>
>
> From: Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr>
> To: <freeipa-users at redhat.com>
> Date: 17-09-2014 19:46
> Subject: Re: [Freeipa-users] sudo setup in Ubuntu
> Sent by: freeipa-users-bounces at redhat.com
> ------------------------------------------------------------------------
>
>
>
> Thanks to Lukas:
> Step 0: Install freeipa-client on Ubuntu 14.04 and configure sudo integration
>
> root@ubuntu1404:/# ipa-client-install --no-ntp
> root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf
>
> root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
> services = nss, pam
> root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
> root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
> services = nss, pam, sudo
>
>
> Step 1: configure sudo rules for ordinary user
>    Please follow the instructions from FreeIPA documentation.
>    http://www.freeipa.org/docs/master/html-desktop/index.html#sudo
>
>
>   This step was skipped, because it was already done a few months ago
>
>
> Step 2: login to machine as ordinary user, which is allowed to use sudo.
>
> $ su usersssd01
> Password:
> $ id
> uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1)
>
>
> Step 3: run command
>    sudo -l
>    // this command should show you which commands can be executed as root
>    // with sudo
>
> $ sudo -l
> sudo: unable to resolve host ubuntu1404.example.test
> [sudo] password for usersssd01:
> Matching Defaults entries for usersssd01 on ubuntu1404:
>    env_reset, mail_badpass,
>    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
>
> User usersssd01 may run the following commands on ubuntu1404:
>    (root) /usr/bin/less, /usr/bin/vim
>
>
> Step 4: If there weren't any problems then the user will be able to run the command.
>    sudo some_command_listed_in_step3
>
> $ sudo /usr/bin/less /etc/shadow | wc -l
> 21
> $ echo $?
> 0
>
> $ sudo apt-get install mc
> Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test.
> $ echo $?
> 1
>
> On 17-09-2014 16:54, Sanju A wrote:
> Dear All,
>
> I am able to configure the sudo settings in CentOS clients by 
> adding/modifying the entries in /etc/nsswitch.conf and 
> /etc/sudo-ldap.conf. What are the exact steps for the configuration in 
> Ubuntu, as I am not able to find the configuration file sudo-ldap.conf in 
> Ubuntu?
>
>
> Regards
> Sanju Abraham
> IS - Network/System Administrator
> Tata Consultancy Services
> TCS Centre SEZ Unit,
> Infopark PO,
> Kochi - 682042,Kerala
> India
> Ph:-   +91 484 6187490
> Mailto: sanju.a at tcs.com
> Website: http://www.tcs.com
>
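
The Step 0 edits quoted above append on every run, and the sed pattern matches any line containing "services", so the following added example (not part of the original posts) makes both changes idempotent and checks the result. The function names are hypothetical, and the file paths are arguments so the functions can be tried on copies first.

```shell
#!/bin/sh
# Added example: idempotent form of the Step 0 edits, plus checks.
# Usage as root after ipa-client-install (function names are made up here):
#   ensure_nss_sudoers /etc/nsswitch.conf && ensure_sssd_sudo /etc/sssd/sssd.conf
# then restart sssd so the new services list is read.

# True if the "sudoers:" line of an nsswitch.conf-style file lists "sss".
nss_sudoers_has_sss() {
    awk '$1 == "sudoers:" { for (i = 2; i <= NF; i++) if ($i == "sss") ok = 1 }
         END { exit !ok }' "$1"
}

# True if the "services" key inside the [sssd] section lists "sudo".
sssd_services_has_sudo() {
    awk '/^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[sssd\]/) }
         insec && /^[ \t]*services[ \t]*=/ {
             sub(/^[^=]*=/, ""); n = split($0, s, ",")
             for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", s[i]); if (s[i] == "sudo") ok = 1 }
         }
         END { exit !ok }' "$1"
}

# Add "sss" to an existing sudoers line, or append the line if there is none.
ensure_nss_sudoers() {
    nss_sudoers_has_sss "$1" && return 0
    tmp=$(mktemp) || return 1
    awk '$1 == "sudoers:" { print $0 " sss"; seen = 1; next } { print }
         END { if (!seen) print "sudoers: files sss" }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
    nss_sudoers_has_sss "$1"   # exit status reflects the final state
}

# Append ", sudo" to the services line of [sssd] only; other lines that
# merely contain the word "services" are left alone.
ensure_sssd_sudo() {
    sssd_services_has_sudo "$1" && return 0
    tmp=$(mktemp) || return 1
    awk '/^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[sssd\]/) }
         insec && /^[ \t]*services[ \t]*=/ { sub(/[ \t]*$/, ""); $0 = $0 ", sudo" }
         { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"   # sssd.conf must stay root-owned, mode 0600
    rm -f "$tmp"
    sssd_services_has_sudo "$1"
}
```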
