[Freeipa-users] How to give directory permissions on a specific client to FreeIPA users.
Mitra Dehghan
mitra.dehghan at gmail.com
Tue Jun 28 07:08:46 UTC 2016
Hello,
I want to know how I can give directory permissions on a client to a domain
user in FreeIPA.
I'm using the "runasuser" feature in sudo policy to give my domain users
permission to run local services on the client.
Here is an example:
I have a service on my client called "*abc*" located at "/home/abc/" and
run locally by a local user called "*abc*".
I have used the runasuser feature in sudo policy rules to let domain users
(say: *usr at mydomain.dc*) run the service. *usr* can run scripts, read and
edit files and stop/start services, using *abc*'s permissions and without
any problem.
But the problem I have faced is, when I want "*usr*" to traverse
subdirectories under "*/home/abc/*" it doesn't work.
I have defined a sudocmd for the cd command and added it as an allow-command
to the appropriate sudorule. My sudocmd definitions are like this:
ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/'
ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/m/'
ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/q/'
While *usr* can run the *cd* command without error, it doesn't work and
*pwd* still shows */home/usr* as the current directory.
What *usr* runs is:
$ sudo -u abc cd /home/abc/m/
--
respectfully
m-dehghan
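
Why the `cd` in the post runs without error yet `pwd` does not change, as an added example that is not part of the original post: the working directory belongs to each process, so a directory change made by the process sudo starts ends when that process exits. `sh -c` stands in for the sudo child here, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demonstration: `sh -c` stands in for the separate process that
# `sudo -u abc <command>` starts. No sudo or FreeIPA is needed to run it.

# Let a child process run `cd`, then report the caller's own directory.
# The working directory belongs to each process, so the caller never moves.
cwd_after_child_cd() {
    sh -c 'cd "$1"' _ "$1"    # child changes directory, then exits
    pwd -P                    # caller's directory, unchanged
}

# Do the directory change and the real work inside the same child process.
# Usage: run_in_dir DIR COMMAND [ARGS...]
run_in_dir() {
    sh -c 'cd "$1" && shift && "$@"' _ "$@"
}

# Runs in a subshell so the demo leaves the invoking shell untouched.
demo() (
    d=$(mktemp -d) && mkdir "$d/m" && cd "$d" || exit 1
    echo "caller before:         $(pwd -P)"
    echo "caller after child cd: $(cwd_after_child_cd "$d/m")"
    echo "child after its cd:    $(run_in_dir "$d/m" pwd -P)"
    cd / && rm -rf "$d"
)
demo
```

Under sudo the same principle applies: the path goes to the command that needs it, for example `sudo -u abc ls /home/abc/m/`, which would need its own sudocmd entry in the rule (an assumption; no such entry appears in the post).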