Andrew Meyer via FreeIPA-users wrote:
> In preparation for a migration I am trying to setup sudoers within
> freeipa.  I have about a dozen people that will need to sudo to another
> user and run commands.  However I want to add all the commands for that
> user into my rule.
> 
> would this be best practice to add ALL the commands into 1 rule?  or
> should I do a sudocmdgroup?

Up to you but that's what the groups were made for: to combine a common
set of commands together to make management easier. Seems to fit well.

> ipa sudorule-add-allow-command --sudocmds "/usr/bin/vim" files-commands
> 
> Would I just put a comma after each command? Or should I do this all
> individually and add all the commands to a cmd group?

Try: --sudocmds={"/usr/bin/vim","cat /etc/passwd",...}

Bash will expand it.

I'd use a group though so you can make one change and affect any/all rules.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to