[Freeipa-users] what is the sudo rule runasuser local user account
Baird, Josh
jbaird at follett.com
Thu Feb 4 16:00:50 UTC 2016
Actually, I use local (external) users in my sudo rules in IPA 4.2 with no problem.
Example:
Rule name: TestDBAs
Description: access for members of the TestDBAs group
Enabled: TRUE
Command category: all
User Groups: testdbas
Host Groups: corp_oracle
RunAs External User: oracle
In this example, 'oracle' is a local user on the server (not in IPA). I hope this functionality does not go away.
Thanks,
Josh
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
> bounces at redhat.com] On Behalf Of Rob Verduijn
> Sent: Thursday, February 04, 2016 10:54 AM
> To: Jakub Hrozek
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] what is the sudo rule runasuser local user
> account
>
> On Centos7.2 all patches applied I used the command:
> ipa-client-install --enable-dns-updates
>
> Rob
>
> 2016-02-04 16:45 GMT+01:00 Jakub Hrozek <jhrozek at redhat.com>:
> > On Thu, Feb 04, 2016 at 03:52:25PM +0100, Rob Verduijn wrote:
> >> Hello,
> >>
> >> I've noticed that the sudorule-add-runasuser no longer has en
> >> --external option
> >>
> >> What is the current method to add a local service account to a sud
> >> rule list so that users may run sudo as that service account (ie
> >> apache or jboss)
> >>
> >> Cheers
> >> Rob Verudijn
> >
> > I know I'm not answering your question but how did you configure the
> > client side earlier? Did you use the native/legacy sudo ldap driver?
> >
> > The reason I'm asking this is that sssd only supports users it
> > handles, so in the IPA case it only supports IPA users anyway..
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list