[Freeipa-users] Freeipa Sudo / sudoers.d / nopasswd

Jakub Hrozek jhrozek at redhat.com
Thu Mar 24 17:01:34 UTC 2016


> On 24 Mar 2016, at 17:21, Ash Alam <aalam at paperlesspost.com> wrote:
> 
> Hello
> 
> I am looking for some guidance on how to properly do sudo with Freeipa. I have read up on what I need to do but I can't seem to get it to work correctly. Now with sudoers.d I can accomplish this fairly quickly.
> 
> Example:
> 
> %dev ALL=(ALL) NOPASSWD:/usr/bin/chef-client
> 
> What I have configured in Freeipa Sudo Rules:
> 
> Sudo Option: !authenticate
> Who: dev (group)
> Access this host: testing (group)
> Run Commands: set of commands that are defined.
> 
> Now when I apply this, it still does not work as it asks for a password for the user and then fails. I am hoping to allow a group to only run certain commands without requiring a password.
> 

You should first find out why sudo fails completely. We have this guide that should help you:
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

About asking for passwords -- defining a special sudo rule called 'defaults' and then adding '!authenticate' should help:
 Add a special Sudo rule for default Sudo server configuration:
   ipa sudorule-add defaults

 Set a default Sudo option:
   ipa sudorule-add-option defaults --sudooption '!authenticate'
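
Added example, not part of the original thread: the rule described in the question written out as ipa CLI commands, with '!authenticate' attached to that one rule, whereas an option on the 'defaults' rule applies to every sudo rule. The rule name dev-chef-client and the helper function name are assumptions; the group, host group and command are the ones quoted above.

```shell
#!/bin/sh
# Added example: prints (does not run) the ipa commands for one scoped,
# passwordless sudo rule. Review the output, then run it on a host with
# the ipa client tools and an admin Kerberos ticket (kinit admin).

# Usage: ipa_nopasswd_rule RULE USERGROUP HOSTGROUP COMMAND...
ipa_nopasswd_rule() {
    if [ "$#" -lt 4 ]; then
        echo "usage: ipa_nopasswd_rule RULE USERGROUP HOSTGROUP COMMAND..." >&2
        return 2
    fi
    # Values are emitted inside single quotes, so refuse any that contain one.
    for arg in "$@"; do
        case $arg in
            *"'"*) echo "refusing argument with a single quote: $arg" >&2; return 2 ;;
        esac
    done
    rule=$1 group=$2 hostgroup=$3
    shift 3
    # Each command must be an absolute path, as in a sudoers entry.
    for cmd in "$@"; do
        case $cmd in
            /*) ;;
            *) echo "not an absolute path: $cmd" >&2; return 2 ;;
        esac
    done
    # No RunAs is set, so the allowed commands run as root (sudo's default).
    printf "ipa sudorule-add '%s'\n" "$rule"
    printf "ipa sudorule-add-user '%s' --groups='%s'\n" "$rule" "$group"
    printf "ipa sudorule-add-host '%s' --hostgroups='%s'\n" "$rule" "$hostgroup"
    for cmd in "$@"; do
        printf "ipa sudocmd-add '%s'\n" "$cmd"
        printf "ipa sudorule-add-allow-command '%s' --sudocmds='%s'\n" "$rule" "$cmd"
    done
    # The option is set on this rule only, not on the global 'defaults' rule.
    printf "ipa sudorule-add-option '%s' --sudooption='!authenticate'\n" "$rule"
}

# Values from the thread; the rule name is an assumption.
ipa_nopasswd_rule dev-chef-client dev testing /usr/bin/chef-client
```

After the rule is in place, `sudo -l` run as a member of the dev group on a host in the testing host group shows whether the client has picked it up.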



