[Freeipa-users] sudo options/sss_cache

Pavel Březina pbrezina at redhat.com
Fri Sep 25 09:48:27 UTC 2015


On 09/25/2015 10:06 AM, Jakub Hrozek wrote:
> On Thu, Sep 24, 2015 at 03:39:48PM +0200, Christoph Kaminski wrote:
>> Hi
>>
>> I have 3 problems/questions with ipa and sudo...
>>
>> 1. How to make a GLOBAL sudo rule with all the options that I want to
>> have? (e.g. !authenticate). I have tried to make a sudo rule for all users
>> on all hosts whom all users but without command and it doesn't work... Do I
>> need to set it for each rule separately?
>
> Pavel (CC) would know this better, in native sudo there is a global
> entry but I keep forgetting what it is in IPA..

Hi, please, create a rule named "defaults".

I see this question is returning frequently. I think it should be
supported directly by the user interface.

>
>>
>> 2. How can I with sss_cache invalidate sudo rules? Do I need ever to kill
>> all files inside /var/lib/sssd/db? I don't see an option in sss_cache for
>> this :/
>
> sss_cache can't do that because at the moment the sudo rule updates are
> kinda complex. See man sssd-sudo for all the different refreshes. You
> can either cycle sssd by sending it USR1 and then USR2 or tune the cache
> refreshes.
>
>>
>> 3. How long is the time where sssd invalidates the sudo rules and make a
>> new look into ipa? Can I set this time?
>
> See above.
>



