[Freeipa-users] regex with sudo commands

Martin Kosek mkosek at redhat.com
Tue May 5 08:53:06 UTC 2015


On 05/05/2015 03:37 AM, Megan . wrote:
> Good Evening!
> 
> I'm running 3.0.0-42 on CentOS 6.6.
> 
> I set up a number of sudo commands today with regular expressions and
> now users seem to be having issues running any sudo command.  Are
> there any known issues with having regex in sudo commands within the
> IPA server?
> 
> Here is an example of a sudo rule I have set up.  When my user runs
> sudo -ll he only sees the below command, and he should have a large
> number of commands available (like /sbin/service httpd restart)
> 
> SSSD Role: deploy for UAT
>     RunAsUsers: appusr
>     Commands:
> /usr/bin/python /usr/share/appusr/onworld-tools/scripts/configure.py
> -l [a-zA-Z0-9\-_/]* -e EPSG[0-9][0-9][0-9][0-9] -t [a-z]*
> /usr/share/appusr/apache-ant-1.9.4/bin/ant -f
> /usr/share/appusr/onworld-tools/scripts/config_deploy.xml
> deploy-[a-zA-Z0-9\-]  -Denv=uat
> 
> 
> I also purged /var/lib/sss/db and restarted sssd thinking it might be
> related to caching but it didn't help.
> 
> Thanks in advance!
> 

CCing Pavel Brezina for reference as the sudo guru, but I think he will miss
more information for your bug. For example, it would help to show the SUDO
commands for IPA that should be applied for the respective users:

$ ipa sudorule-show ...

Martin



