Martin Kosek wrote:
I had doubts how to name ipasudorunasgroup_group attribute, this is the
result. Btw what is the difference between attributes
ipasudorunasgroup_group and ipasudorunas_group?
This confused me as well so I double-checked with JR.
ipasudorunasgroup sets the gid to <group> when executing the command.
ipasudorunas group sets a group of allowed users to run a command as.
JR's example was: sudo -u rcrit /bin/less
If rcrit is in either the ipasudorunas user or group then you can run
the command as me.
I opened ticket 1657 to improve the documentation. I think connecting it
to the sudo options and/or providing examples like this will help.
pushed to master and ipa-2-1
Freeipa-devel mailing list