[Freeipa-users] Allow user or group to switch user without password and not becoming root

Andrey Ptashnik APtashnik at cccis.com
Tue May 12 20:44:56 UTC 2015


Hello Team,

We have RHEL 7.1 and IPA server 4.1.0 in our environment, as well as a stack of Oracle software that requires the existence of local passwordless users like weblogic and oracle.
Users log in to servers via domain accounts at IPA server.

I’m trying to configure a sudo policy in the IPA server that will allow users in the company to log in to servers in the IPA domain and switch to the weblogic or oracle user without having to enter any passwords, but also without increasing their privileges to root.
Using a plain /etc/sudoers file, it can be accomplished with something like the following:

%users ALL = (root) NOPASSWD: /bin/su - oracle

How can I configure this behavior in IPA server?

Regards,

Andrey
