[Freeipa-users] Wildcard type usage in sudo rules with FreeIPA.

Lance Reed reed.r.lance at gmail.com
Thu Jan 8 15:00:20 UTC 2015


I am trying to figure out how (or if it's even possible) to use
wildcard type sudo rules in FreeIPA.

I set up Sudo rules usage and so far seems to be working - at least if
I set up ALL type rules for Hosts.

However it looks like I have to add specific allowed hosts in the GUI
as they either appear in the host list or add them in the External
option box.  However that makes it messy / non scalable if I want to
create a group of users that have access to a large number of host
types, say db servers or something.

File based sudo rules allow for constructs such as:

someusername *dbserver* = /opt/appname/admintools/run_admin_tools.sh

Which allows someuser to have sudo options on any hostname matching
*dbserver* and then run the command allowed.  This all currently seems
doable in IPA except the wildcard part for hostnames / domains etc.

Apologies if I missed this in the docs.

Thanks in advance for any ideas (command line methods?)

Running:
ipa-server-3.0.0-37
sssd-1.9.2
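
An added example, not part of the original post: it resolves the file-based rule quoted above against a host inventory, showing exactly which machines a host wildcard such as *dbserver* grants before that set is written out as an explicit host list. The inventory and the "intended" set are constructed sample data, the function names are hypothetical, and sudoers glob matching of host names is modelled here with Python's fnmatch on lower-cased names.

```python
import fnmatch


def parse_user_spec(line):
    """Split a simple 'user host = command' sudoers line.

    Assumption: one user, one host pattern, one command; no aliases,
    tags, RunAs specs or comma-separated lists.
    """
    left, sep, command = line.partition("=")
    fields = left.split()
    if not sep or len(fields) != 2 or not command.strip():
        raise ValueError("unsupported sudoers line: %r" % line)
    return fields[0], fields[1], command.strip()


def hosts_granted(line, inventory):
    """Return the sorted inventory hosts the rule's host pattern matches."""
    _user, pattern, _command = parse_user_spec(line)
    if pattern == "ALL":
        return sorted(inventory)
    pat = pattern.lower()
    return sorted(h for h in inventory
                  if fnmatch.fnmatchcase(h.lower(), pat))


def unexpected_hosts(granted, intended):
    """Hosts the wildcard grants that were not meant to be covered."""
    return sorted(set(granted) - set(intended))


# The rule as quoted in the post.
RULE = "someusername *dbserver* = /opt/appname/admintools/run_admin_tools.sh"

# Constructed inventory: short host names as they might appear in a host list.
INVENTORY = ["dbserver01", "dbserver02", "web01",
             "old-dbserver-test", "dbserver-dmz", "mail01"]

# Constructed: the hosts the rule author actually had in mind.
INTENDED = ["dbserver01", "dbserver02"]

if __name__ == "__main__":
    granted = hosts_granted(RULE, INVENTORY)
    print("granted by wildcard:", granted)
    print("not intended:       ", unexpected_hosts(granted, INTENDED))
```

The substring pattern also matches old-dbserver-test and dbserver-dmz, which is the gap between a wildcard and an explicitly enumerated set of hosts.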



