[Freeipa-users] How do I create single sudo group for both Centos and Ubuntu?

Alexander Bokovoy abokovoy at redhat.com
Mon May 2 15:22:44 UTC 2016


On Mon, 02 May 2016, Jakub Hrozek wrote:
>On Mon, May 02, 2016 at 10:22:49AM -0400, Rob Crittenden wrote:
>> Przemysław Orzechowski wrote:
>> > Hi
>> >
>> > I'm trying to create a single usergroup for sudo enabled users for both
>> > Centos and Ubuntu users
>> > The problem is on centos it's group wheel (10), and on ubuntu it's sudo
>> > (27). I have tried to do it using ID view but somehow I'm not
>> > getting it right
>> >
>> > btw
>> > Centos clients versions 6.x, 7.x
>> > Ubuntu clients versions 12.04,14.04,16.04
>> > Ipa server is on Centos 7  IPA VERSION: 4.2.0, API_VERSION: 2.156
>> >
>> > Regards
>> > Przemysław Orzechowski
>> >
>>
>> But aren't these groups used only if you use files for sudo (and even that
>> is just a default)? If you are using IPA to provide the sudo rules then the
>> group you choose shouldn't matter.
>>
>> rob
>
>Doesn't polkit also use membership in these groups to determine if the
>user is a 'local admin'? I haven't configured this kind of setup
>myself, though. But if it is the case, the user is probably looking for:
>    https://sourceware.org/glibc/wiki/Proposals/GroupMerging
There are many ways to achieve the same:
http://www.freeipa.org/page/Howto/FreeIPA_PolicyKit

I'd prefer to use HBAC and set 'polkit-1' and 'sudo' services via HBAC
rules to grant access on the machines.
-- 
/ Alexander Bokovoy
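
One way to set up the HBAC approach mentioned in the message above, as an added example that is not part of the original thread. The rule, group, host group, user and host names are hypothetical; the script only prints the `ipa` commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. RULE, GROUP and HOSTGROUP are
# hypothetical names. By default the ipa commands are only printed; set
# APPLY=1 on an enrolled host with an admin Kerberos ticket to run them.

RULE="admins_sudo_polkit"     # hypothetical HBAC rule name
GROUP="unix_admins"           # hypothetical IPA group of admin users
HOSTGROUP="linux_clients"     # hypothetical host group: CentOS + Ubuntu clients

# Print the command (dry run) or execute it (APPLY=1).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

hbac_setup() {
    # One IPA group replaces the per-distro local groups (wheel / sudo).
    run ipa group-add "$GROUP"
    # 'sudo' is a predefined HBAC service; 'polkit-1' (the polkit PAM
    # service name) has to be registered first.
    run ipa hbacsvc-add polkit-1
    run ipa hbacrule-add "$RULE"
    run ipa hbacrule-add-user "$RULE" --groups="$GROUP"
    run ipa hbacrule-add-host "$RULE" --hostgroups="$HOSTGROUP"
    run ipa hbacrule-add-service "$RULE" --hbacsvcs=sudo --hbacsvcs=polkit-1
}

# Ask the server how the rule evaluates for one user/host/service.
hbac_check() {
    run ipa hbactest --user="$1" --host="$2" --service="$3" --rules="$RULE"
}

# HBAC rules only allow; while the default allow_all rule is enabled this
# rule restricts nothing.
hbac_setup
hbac_check alice ubuntu1604.example.test sudo   # constructed sample names
```

The HBAC rule only gates access to the `sudo` and `polkit-1` PAM services; which commands a user may run through sudo is still decided by the sudo rules themselves.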