What would the equivalent of Cmnd_Alias DEVS? Is that somewhere in the documentation? I was also trying to find something to convert my sudoers to what it would be in IPA commands.
On Thursday, November 2, 2017 4:02 PM, Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: Andrew Meyer via FreeIPA-users wrote: > In preparation for a migration I am trying to setup sudoers within > freeipa. I have about a dozen people that will need to sudo to another > user and run commands. However I want to add all the commands for that > user into my rule. > > would this be best practice to add ALL the commands into 1 rule? or > should I do a sudocmdgroup? Up to you but that's what the groups were made for: to combine a common set of commands together to make management easier. Seems to fit well. > ipa sudorule-add-allow-command --sudocmds "/usr/bin/vim" files-commands > > Would I just put a comma after each command? Or should I do this all > individually and add all the commands to a cmd group? Try: --sudocmds={"/usr/bin/vim","cat /etc/passwd",...} Bash will expand it. I'd use a group though so you can make one change and affect any/all rules. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org