Martin Kosek wrote:
I had doubts how to name ipasudorunasgroup_group attribute, this is the
result. Btw what is the difference between attributes
ipasudorunasgroup_group and ipasudorunas_group?


This confused me as well so I double-checked with JR.

ipasudorunasgroup sets the gid to <group> when executing the command.

ipasudorunas group sets a group of allowed users to run a command as. JR's example was: sudo -u rcrit /bin/less

If rcrit is in either the ipasudorunas user or group then you can run the command as me.

I opened ticket 1657 to improve the documentation. I think connecting it to the sudo options and/or providing examples like this will help.

pushed to master and ipa-2-1


Freeipa-devel mailing list

Reply via email to