[Freeipa-users] sudo NOPASSWD for a single command
Pavel Březina
pbrezina at redhat.com
Fri Feb 24 08:21:00 UTC 2017
On 02/23/2017 03:43 PM, Auerbach, Steven wrote:
> Yes, I implemented in Policy -> Sudo -> Sudo Commands as:
>
> Sudo Command: NOPASSWD: /sbin/vgs
NOPASSWD is used in /etc/sudoers. In IPA, create a sudo option
"!authenticate" instead.
>
>
>
> The script (executed by a non-root, administrative group user on an
> enrolled host) specifies:
>
> ….
>
> hostname >> statresults.txt
>
> cat /etc/redhat-release >> statresults.txt
>
> uname -r >> statresults.txt
>
> printf "\n " >> statresults.txt
>
> sudo vgs >> statresults.txt
>
> …..
>
> Running the script I still was prompted for a password. So I guess this
> does not work.
>
>
>
> *From:* Jason B. Nance [mailto:jason at tresgeek.net]
> *Sent:* Wednesday, February 22, 2017 11:59 AM
> *To:* Auerbach, Steven <Steven.Auerbach at flbog.edu>
> *Cc:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] sudo NOPASSWD for a single command
>
>
>
>
>
> We have a script stored on a particular server in our realm that
> executes a number of non-privileged commands and are wanting to add
> /sbin/vgs command. The script uses SSH to then execute the same set
> of commands on all the servers in the realm.
>
> The owner of the script is in the administrator group and there are
> sudoer commands for the administrator group in general. We need to
> place a rule for this one command for either this group or the
> script owner to run NOPASSWD.
>
> Where and how would I specify that in the IPA admin console?
>
> Have you tried creating your command in IPA as "NOPASSWD: /sbin/vgs"
> (Policy -> Sudo -> Sudo Commands)?
>
>
>
>
>
More information about the Freeipa-users
mailing list