[Freeipa-users] Problem with sudo -r
Jakub Hrozek
jhrozek at redhat.com
Tue Aug 11 11:42:08 UTC 2015
On Tue, Aug 11, 2015 at 01:08:31PM +0200, Roberto Lucarelli wrote:
> Hello,
> i configured Freeipa server and sudo client is ok but now i want deny
> users to launch command passwd and sudo -r .
> My configuration provide that all commands are enable .
>
> I can not configure specific commands because users must manage many
> services such as postfix, apache, mysql etc and they must have access to
> different folders with different users and groups .
>
> Do you have any recommendations ?
I'm not sure this is possible with the ipa CLI. Also keep in mind that
allowing specific commands is generally preferable. Denying specific
commands and allowing the rest calls for trouble IMO..
More information about the Freeipa-users
mailing list