[Freeipa-users] problem in sudo policy when target commands use local environment variables
Mitra Dehghan
mitra.dehghan at gmail.com
Mon Jun 6 10:01:30 UTC 2016
Hello,
I have a problem using sudo policy in FreeIPA when target commands use
environment variables defined on a specific local user's profile.
Here is the problem:
1- There is a client machine with local user called *srvusr .*this user has
permission to run *target_cmd*.
2- *target_cmd* is dependent on environment variables defined in *srvusr'*s
profile. Even before joining to FreeIPA, users had to use "su *srvusr*"
command to get permission for executing the *target_cmd*.
3- I defined a sudo policy for *target_cmd* to be executed by external
user permissions (*srvusr)*.
4- when I run sudo -l on client machine it says IPA user has permission to
run *target_cmd* with *srvusr* privileges.
5- The command I run with my IPA user is:
$ sudo -H -u *srvusr* */path/to/**target_cmd* *target_cmd**_argument*
*or*
$ sudo -H -u *srvusr* */path/to/**target_cmd*
I used -H to inherit target user's environment variables
The command fails to run and the error is:
"Check environment error! environment not defined or NULL"
I would be glad if someone help me to find a solution for that!
thanks for your advice in advance
--
m-dehghan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160606/f0a2f336/attachment.htm>
More information about the Freeipa-users
mailing list