[Freeipa-users] what is the sudo rule runasuser local user account
Rob Verduijn
rob.verduijn at gmail.com
Thu Feb 4 19:37:37 UTC 2016
hi all,
I tried and figured it out..
ipa sudorule-add-runasuser <sudo_rule_name> --users=<local-service-account>
Is the command syntax I was looking for.
I guess that if the --users isn't an ipa user it is automatically
flagged as an external user.
Cheers
Rob Verduijn
2016-02-04 17:33 GMT+01:00 Jakub Hrozek <jhrozek at redhat.com>:
> On Thu, Feb 04, 2016 at 04:00:50PM +0000, Baird, Josh wrote:
>> Actually, I use local (external) users in my sudo rules in IPA 4.2 with no problem.
>>
>> Example:
>>
>> Rule name: TestDBAs
>> Description: access for members of the TestDBAs group
>> Enabled: TRUE
>> Command category: all
>> User Groups: testdbas
>> Host Groups: corp_oracle
>> RunAs External User: oracle
>
> ipaSudoRunAsExtUser, ipaSudoRunAsExtGroup and ipaSudoRunAsExtUserGroup
> -- that's the user you want to run sudo as. That's still supported.
More information about the Freeipa-users
mailing list