[Freeipa-users] regex with sudo commands
Megan .
nagemnna at gmail.com
Tue May 5 09:36:12 UTC 2015
Ok, Thank you.
On Tue, May 5, 2015 at 5:35 AM, Pavel Březina <pbrezina at redhat.com> wrote:
> On 05/05/2015 10:53 AM, Martin Kosek wrote:
>>
>> On 05/05/2015 03:37 AM, Megan . wrote:
>>>
>>> Good Evening!
>>>
>>> I'm running 3.0.0-42 on Centos 6.6.
>>>
>>> I setup a number of sudo commands today with regular expressions and
>>> now users seem to be having issues running any sudo command. Are
>>> there any known issues with having regex in sudo commands within the
>>> IPA server?
>>>
>>> Here is an example of a sudo rule I have setup. When my user runs
>>> sudo -ll he only sees the below command, and he should have a large
>>> number of commands available (like /sbin/service httpd restart)
>>>
>>> SSSD Role: deploy for UAT
>>> RunAsUsers: appusr
>>> Commands:
>>> /usr/bin/python /usr/share/appusr/onworld-tools/scripts/configure.py
>>> -l [a-zA-Z0-9\-_/]* -e EPSG[0-9][0-9][0-9][0-9] -t [a-z]*
>>> /usr/share/appusr/apache-ant-1.9.4/bin/ant -f
>>> /usr/share/appusr/onworld-tools/scripts/config_deploy.xml
>>> deploy-[a-zA-Z0-9\-] -Denv=uat
>>>
>>>
>>> I also purged /var/lib/sss/db and restated sssd thinking it might be
>>> related to caching but it didn't help.
>>>
>>> Thanks in advance!
>>>
>>
>> CCing Pavel Brezina for reference as the sudo guru, but I think he will
>> miss
>> more information for your bug. For example, it would help to show the SUDO
>> commands for IPA that should be applied for the respective users:
>>
>> $ ipa sudorule-show ...
>>
>> Martin
>>
>
> I believe Tomas already provided the correct answer.
More information about the Freeipa-users
mailing list