[Freeipa-users] Sudo rule implementation
Jakub Hrozek
jhrozek at redhat.com
Tue Dec 20 11:24:45 UTC 2016
On Tue, Dec 20, 2016 at 01:19:15PM +0300, Ben .T.George wrote:
> Hi List,
>
> Please help me to implement sudo rules.
>
> I did the steps below and it is still not working for me.
>
> 1. created "Sudo Command Groups"
> 2. Added some command (/bin/yum) and included in sudo group
> 3. created "sudo Rule" on that
> * added sudo Option as "!authenticate"
> * Added User Group.
> * Added one Host
> * And under Run command, selected the Sudo Rule Group.
> 4. entry on nsswitch.conf : sudoers: files sss
> 5. entry on sssd.conf : services = nss, sudo, pam, ssh
>
> And I tried removing "!authenticate" and changed to Anyone, Any Host and Any
> Command,
> Also under As Whom to Anyone and Any Group
> - I tried logging out and logging in again on the client with an IPA user which is a member of
> the user group.
>
> When I am running yum, I get an error that the user is not allowed to execute
> the command.
>
>
> Please anyone help to correct my steps.
>
> Regards
> Ben
Please follow:
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
Especially the sudo logs are often helpful to see what rules sssd is
returning to sudo.
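
The two client-side settings from steps 4 and 5 of the question can be checked mechanically before turning to the sudo logs. The script below is an added example, not part of the original thread; the function names are hypothetical, and it assumes the standard paths /etc/nsswitch.conf and /etc/sssd/sssd.conf unless others are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): verify the nsswitch.conf and sssd.conf
# entries listed in steps 4 and 5. Function names are hypothetical.

# Return 0 if the "sudoers:" line of the given nsswitch.conf lists "sss".
nsswitch_has_sss() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        { sub(/^[ \t]*sudoers:/, "sudoers: ") }     # tolerate "sudoers:files"
        $1 == "sudoers:" {
            for (i = 2; i <= NF; i++) if ($i == "sss") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Return 0 if "services" in the [sssd] section of the given sssd.conf
# includes "sudo". The same key in other sections is ignored.
sssd_has_sudo_service() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }    # trim whitespace
        /^[#;]/ || $0 == "" { next }                    # skip comments, blanks
        /^\[.*\]$/ { in_sssd = ($0 == "[sssd]"); next } # track current section
        in_sssd && /^services[ \t]*=/ {
            sub(/^services[ \t]*=[ \t]*/, "")
            n = split($0, svc, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (svc[i] == "sudo") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Run both checks and print one OK/FAIL line per file; returns 1 on any failure.
check_sudo_client() {
    nss=${1:-/etc/nsswitch.conf}
    sssd=${2:-/etc/sssd/sssd.conf}
    rc=0
    if nsswitch_has_sss "$nss"; then echo "OK   $nss: sudoers uses sss"
    else echo "FAIL $nss: no 'sss' on the sudoers line"; rc=1; fi
    if sssd_has_sudo_service "$sssd"; then echo "OK   $sssd: sudo service enabled"
    else echo "FAIL $sssd: 'sudo' missing from [sssd] services"; rc=1; fi
    return $rc
}
```

Source the file and run `check_sudo_client` as root on the client, since sssd.conf is normally readable only by root.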