[Freeipa-users] FreeIPA, version: 4.1.0 and sudo configuration

Martin Chamambo chamambom at afri-com.net
Thu Apr 9 00:52:40 UTC 2015


Good day 

I managed to configure sudo and it's working for all my CentOS 6.6 and RHEL 6.6 clients. Somehow I managed to change the sudo rules, sudo commands and sudo groups to be less restrictive; that's when I managed to access root-owned files using sudo.

Thanks for your help.

My advice when configuring sudo, when configuring your sudo rules: start with a less restrictive access control, e.g. where they say "Access this host", say any; where they say "Run Commands", say any command; and when it's working, that's when you can then fine-tune your access policies.
________________________________________
From: Jakub Hrozek [jhrozek at redhat.com]
Sent: Wednesday, April 08, 2015 2:01 PM
To: Martin Chamambo
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA, version: 4.1.0 and sudo configuration

On Wed, Apr 08, 2015 at 01:39:44PM +0200, Chamambo Martin wrote:
> Sudo seems to be configured correctly but somehow it's not working
>
> Even if I do a sudo -l under the admin user
>
> [admin at ironhide tmp]$ sudo -l
> [sudo] password for admin:
> Matching Defaults entries for admin on this host:
>     requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS
>     DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1
>     PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
>     LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
>     LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
>     LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
>     secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
>
> User admin may run the following commands on this host:
>     (admin, chamambom, kamoyob, kumalop, machangeteb, masaitit, masvivic,
>     matangiraa, nyahumap, pedzisail, tayengwaj : ALL) /usr/bin/vim,
                                                        ~~~~~~~~~~~
>     /usr/bin/less
      ~~~~~~~~~~~~~
According to this output, admin can run both vim and less... ??
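
A check for the `sudo -l` output quoted above (added example, not from either poster): it parses each entry's run-as list and commands, then reports entries where root is not a run-as user, since plain `sudo <cmd>` runs as root, and entries that still allow ALL commands. The function names and the second sample are constructed for illustration.

```python
import re

# Constructed from the sudo -l output quoted in the thread (mail quoting removed).
SAMPLE = """\
User admin may run the following commands on this host:
    (admin, chamambom, kamoyob, kumalop, machangeteb, masaitit, masvivic,
    matangiraa, nyahumap, pedzisail, tayengwaj : ALL) /usr/bin/vim,
    /usr/bin/less
"""
# Constructed: how an "any user / any command" rule appears in sudo -l.
PERMISSIVE = """\
User admin may run the following commands on this host:
    (ALL : ALL) ALL
"""

HEADER = re.compile(r"may run the following commands on [^:\n]+:")
ENTRY = re.compile(r"\(([^)]*)\)\s*([^(]*)")   # "(runas) cmd, cmd, ..."
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")        # NOPASSWD:, NOEXEC:, ...

def _names(field):
    return [n.strip() for n in field.split(",") if n.strip()]

def parse_sudo_l(text):
    """Return one dict per entry: run-as users, run-as groups, commands."""
    parts = HEADER.split(text, maxsplit=1)
    if len(parts) < 2:
        return []
    body = " ".join(parts[1].split())          # undo sudo's line wrapping
    entries = []
    for m in ENTRY.finditer(body):
        users, _, groups = m.group(1).partition(":")
        entries.append({"runas_users": _names(users),
                        "runas_groups": _names(groups),
                        "commands": [TAGS.sub("", c) for c in _names(m.group(2))]})
    return entries

def review(entries, target="root"):
    """Flag entries that cannot run as `target` and entries left wide open."""
    findings = []
    for e in entries:
        cmds = ", ".join(e["commands"])
        if target not in e["runas_users"] and "ALL" not in e["runas_users"]:
            findings.append(f"{cmds}: {target} is not a run-as user, "
                            f"so plain 'sudo <cmd>' (runs as {target}) will not match")
        if "ALL" in e["commands"]:
            findings.append("entry allows ALL commands: narrow it once sudo works")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE, PERMISSIVE):
        print(review(parse_sudo_l(sample)))
```

Run it against saved `sudo -l` output after each rule change to confirm that the run-as user and the command list are what the rule was meant to grant.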



