[Freeipa-users] Allow user or group to switch user without password and not becoming root
Dmitri Pal
dpal at redhat.com
Tue May 12 21:32:22 UTC 2015
On 05/12/2015 04:44 PM, Andrey Ptashnik wrote:
> Hello Team,
>
> We have RHEL 7.1 and IPA server 4.1.0 in our environment as well as
> a stack of Oracle software that requires the existence of local
> passwordless users like weblogic and oracle.
> Users log in to servers via domain accounts at IPA server.
>
> I'm trying to configure a Sudo policy in IPA server that will allow
> users in the company to log in to servers in the IPA domain and switch
> to the weblogic or oracle user without having to enter any passwords,
> but also without increasing their privileges to root.
> Using a plain /etc/sudoers file, it can be accomplished with something
> like the below:
>
> %users ALL = (root)
Users will be the "who" of the IPA sudo rule.
> NOPASSWD:
This will be an option that you would put into the sudo rule.
> /bin/su -- oracle
This will be the command. You create a command and then reference it in
the rule.
At least this is what I would try.
>
> How can I configure this behavior in IPA server?
>
> Regards,
>
> Andrey
>
>
>
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio
Red Hat, Inc.
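
Added example, not part of the original message and not FreeIPA project code: a shell function that prints the `ipa` CLI calls matching the three pieces of the sudoers line discussed above (who, option, command). The rule names, the group name `ipausers` and the function name `ipa_su_rule_cmds` are assumptions; nothing is executed against an IPA server.

```shell
#!/bin/sh
# Added example: prints the ipa CLI calls for a "su to a service account"
# sudo rule. Rule, group and function names are assumptions (not from the thread).

# ipa_su_rule_cmds RULE GROUP TARGET
#   RULE   - name for the new IPA sudo rule (hypothetical)
#   GROUP  - IPA user group allowed to switch (the "who")
#   TARGET - local service account, e.g. oracle or weblogic
ipa_su_rule_cmds() {
    rule=$1 group=$2 target=$3
    # sudo matches the command and its arguments literally, so the target
    # must be one plain account name: no root, no leading dash, no spaces
    # or shell characters that would smuggle in extra su arguments.
    case $target in
        ''|root|-*|*[!a-z0-9_-]*)
            echo "refusing target '$target'" >&2; return 1 ;;
    esac
    for n in "$rule" "$group"; do
        case $n in
            ''|-*|*[!A-Za-z0-9_-]*) echo "bad name '$n'" >&2; return 1 ;;
        esac
    done
    cmd="/bin/su -- $target"
    # No run-as user is added: with none set, sudo's LDAP rules fall back
    # to runas_default (root), matching "(root)" in the sudoers line.
    cat <<EOF
ipa sudocmd-add '$cmd'
ipa sudorule-add $rule --hostcat=all
ipa sudorule-add-user $rule --groups=$group
ipa sudorule-add-allow-command $rule --sudocmds='$cmd'
ipa sudorule-add-option $rule --sudooption='!authenticate'
EOF
}

# Print the calls for both service accounts named in the thread.
ipa_su_rule_cmds su-oracle ipausers oracle
ipa_su_rule_cmds su-weblogic ipausers weblogic
```

Review the printed commands before running them with an admin Kerberos ticket. On a client, `sudo -l` as a member of the group shows whether the rule has arrived through SSSD.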