[Freeipa-users] listing users, groups and the host they access with sudo rules
Jakub Hrozek
jhrozek at redhat.com
Mon Jul 25 17:36:29 UTC 2016
On Mon, Jul 25, 2016 at 02:13:49PM +0000, Stefan Uygur wrote:
> Hi everyone,
> I am using ipa-server-3.0.0-47.el6_7.2.x86_64 on my Red Hat 6 and I was wondering if there is a way in IPA to list the users, with their groups and the hosts they can access along with sudo permissions.
>
> This is for auditing purposes and IPA doesn't seem to have a functionality that would help rather than performing manual commands to collect all this data, which will require quite some time.
>
> So I was wondering if anyone had similar needs and how they overcame this issue (knowing that IPA doesn't have the auditing part covered).
Not easy per host, but you can install ldbsearch and then check what
sudo rules are fetched by sssd for this host:
    # yum install ldb-tools
    # ldbsearch -H /var/lib/sss/db/cache_$domain.ldb -b cn=sysdb objectClass=sudoRule
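For the audit use case in this thread, the ldbsearch output from the reply can be reduced to one line per cached sudo rule. This is an added example, not part of the original message or of the FreeIPA/SSSD code. It assumes the cached records carry the sudoers LDAP attribute names (cn, sudoUser, sudoHost, sudoCommand); the function names and the sample records are constructed for illustration.

```shell
# Added example. Reads ldbsearch LDIF on stdin, prints: rule|users|hosts|commands
# Assumed attribute names follow the sudoers LDAP schema; %name in sudoUser is a group.
# Pass 1 unfolds LDIF continuation lines (they start with one space);
# pass 2 collects the multi-valued attributes of each record.
summarize_sudo_rules() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' |
    awk '
    function add(list, v) { return (list == "") ? v : list "," v }
    function emit() {
        if (cn != "") printf "%s|%s|%s|%s\n", cn, users, hosts, cmds
        cn = users = hosts = cmds = ""
    }
    /^#/ { next }                       # ldbsearch record counters
    /^$/ { emit(); next }               # blank line ends a record
    {
        i = index($0, ":"); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
        b64 = (substr(val, 1, 1) == ":")    # "attr:: ..." is base64
        if (b64) val = substr(val, 2)
        sub(/^ +/, "", val)
        if (b64) val = "base64:" val        # flagged, not decoded
        if (key == "dn") emit()             # a new record starts
        else if (key == "cn") cn = val
        else if (key == "sudouser") users = add(users, val)
        else if (key == "sudohost") hosts = add(hosts, val)
        else if (key == "sudocommand") cmds = add(cmds, val)
    }
    END { emit() }'
}
# Constructed sample input (not real cache contents).
sample_ldif() {
cat <<'EOF'
# record 1
dn: name=dba-restart,cn=sudorules,cn=custom,cn=example.test,cn=sysdb
cn: dba-restart
sudoUser: %dbadmins
sudoUser: alice
sudoHost: db01.example.test
sudoCommand: /sbin/service postgre
 sql restart

dn: name=all-admins,cn=sudorules,cn=custom,cn=example.test,cn=sysdb
cn: all-admins
sudoUser: %admins
sudoHost: ALL
sudoCommand: ALL
EOF
}
```

On a host, pipe the ldbsearch command from the reply into summarize_sudo_rules; the result covers only the rules sssd has fetched for that host.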