[Freeipa-users] Sudo Rule flag limitations

Sean Hogan schogan at us.ibm.com
Mon Mar 27 21:50:50 UTC 2017 

Disregard .. I figured it out

just added /usr/bin fdisk -l to command list
run as user root and applied the command to sudo rule

Running as expected where sudo fdisk /dev/sda fails but sudo fdisk -l works





Sean Hogan





From:	Sean Hogan/Durham/IBM at IBMUS
To:	freeipa-users <freeipa-users at redhat.com>
Date:	03/27/2017 01:55 PM
Subject:	[Freeipa-users] Sudo Rule flag limitations
Sent by:	freeipa-users-bounces at redhat.com



Hello,

I was wondering how possible it would be to allow sudo commands with
certain flags but not the actual command

Case in point:

If a user requests sudo fdisk -l to view partitions can this be set without
giving access to sudo fdisk /dev/sda ?

Would the sudo rule have to deny fdisk /dev/sda but allow fdisk -l? Not
really sure how that would work.


                                             
 ipa-client-3.0.0-50.el6.1.x86_64            
 ipa-server-selinux-3.0.0-50.el6.1.x86_64    
 ipa-server-3.0.0-50.el6.1.x86_64            
 sssd-ipa-1.13.3-22.el6_8.4.x86_64           
 python-libipa_hbac-1.13.3-22.el6_8.4.x86_64 
 ipa-admintools-3.0.0-50.el6.1.x86_64        
 python-iniparse-0.3.1-2.1.el6.noarch        
                                             




                                    
                                    
                                    


Thank you



Sean Hogan




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170327/032c4931/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170327/032c4931/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170327/032c4931/attachment-0001.gif>

More information about the Freeipa-users mailing list