[Freeipa-users] Sudo entry not found by sssd in the cache db

Jakub Hrozek jhrozek at redhat.com
Tue Sep 15 11:37:48 UTC 2015


On Tue, Sep 15, 2015 at 01:58:07PM +0300, Alexander Bokovoy wrote:
> On Tue, 15 Sep 2015, Molnár Domokos wrote:
> >>#hostnamectl set-hostname nappali.silva
> >>on modern systems.
> >>
> >>>doma at nappali:/home/doma> hostname --fqdn
> >>>nappali.szilva
> >doma at nappali:/home/doma> su
> >Password:
> >nappali:/home/doma # hostnamectl set-hostname nappali.szilva
> >nappali:/home/doma # hostname
> >nappali.szilva
> >nappali:/home/doma # hostname --fqdn
> >nappali.szilva
> >nappali:/home/doma # su doma
> >sh-4.2$ sudo ls
> >doma's password:
> >20140921.ZIP                                            Oracle_VM_VirtualBox_Extension_Pack-4.3.26-98988.vbox-extpack
> >42646515_eb8d7dcabe416247463f1bc8652adced.pdf
> > Now it works, the rule is matched. I'm not sure this is the
> > intended way especially seeing the fqdn mechanism in the sudo code
> > but I'll just keep it that way. Thank you.
> sudo doesn't do normalization and IPA's way of exposing host names is
> by using by default fqdn. So sudo compares local hostname with
> fqdn-based one, guess which way it will succeed?
> 
> You theoretically could have every hostname in IPA registered non-fqdn
> but what you cannot have is a mix between fqdn- and non-fqdn names.

You can have registered a different hostname with IPA than what
hostname(1) reports, we have an ipa_hostname parameter for that. But
there's no way for sudo to learn about it.

> -- 
> / Alexander Bokovoy



