On Thu, Nov 09, 2017 at 02:07:03AM +0000, Andrew Meyer via FreeIPA-users wrote:
> Hello, I am trying to set up a few of my users to have the ability to su - 
> jira or another user using FreeIPA.
> Here is what happens when I am logged in as the user and try to su - jira:
> [user1@jira02 ~]$ sudo su - process
> [sudo] password for user1:
> Sorry, user user1 is not allowed to execute '/bin/su - jira' as root on jira02.example.net.
> [user1@jira02 ~]$
>
> [andrew.meyer@jira02 ~]$ ipa sudorule-show su_jira
>   Rule name: su_jira
>   Enabled: TRUE
>   Host category: all
>   RunAs User category: all
>   RunAs Group category: all
>   User Groups: developers, ops_sudoers
>   Sudo Allow Command Groups: jira_access
>   Sudo Option: !authenticate
> [andrew.meyer@jira02 ~]$
>
> [andrew.meyer@jira02 ~]$ ipa sudocmd-find su_jira_cmds
> ----------------------
> 1 Sudo Command matched
> ----------------------
>   Sudo Command: /usr/bin/su - jira,/usr/bin/sudo su - jira,/bin/su - jira,/bin/sudo - jira
>   Description: su_jira_cmds
> ----------------------------
> Number of entries returned 1
> ----------------------------
>
> What am I doing wrong?

I would first run "sudo -l" to see if the user is able to run any sudo
commands at all.

Then I'd proceed to sudo debugging from
to see what data was transferred to sudo and how sudo evaluated them.
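
An offline check to run alongside the debugging steps above, added here as an example and not part of either message: it compares the Sudo Command value shown in the thread with the command sudo reported as denied. It assumes each stored sudo command value is evaluated as one command path plus its arguments; the matching is a simplified model and the function names are hypothetical.

```python
import fnmatch

# Constructed from the thread: the single Sudo Command value printed by
# `ipa sudocmd-find`, and the command named in the sudo denial message.
ENTRY_ON_PAGE = ("/usr/bin/su - jira,/usr/bin/sudo su - jira,"
                 "/bin/su - jira,/bin/sudo - jira")
DENIED = "/bin/su - jira"


def split_cmd(value):
    """Split a sudo command value into (path, argument string)."""
    path, _, args = value.strip().partition(" ")
    return path, args.strip()


def entry_matches(entry, invoked):
    """Simplified model of sudo matching (an assumption, not sudo's code):
    glob on the path, glob on the argument string; an entry that lists
    no arguments accepts any arguments."""
    e_path, e_args = split_cmd(entry)
    i_path, i_args = split_cmd(invoked)
    if not fnmatch.fnmatchcase(i_path, e_path):
        return False
    return e_args == "" or fnmatch.fnmatchcase(i_args, e_args)


def looks_fused(entry):
    """True when one value appears to hold several commands joined by
    commas (a later comma-separated piece starts with an absolute path)."""
    return any(p.strip().startswith("/") for p in entry.split(",")[1:])


def audit(entries, invoked):
    """Return (entries matching the invoked command, entries that look fused)."""
    matching = [e for e in entries if entry_matches(e, invoked)]
    fused = [e for e in entries if looks_fused(e)]
    return matching, fused


if __name__ == "__main__":
    # The value as stored: one entry holding four comma-joined commands.
    print(audit([ENTRY_ON_PAGE], DENIED))
    # The same text split into one entry per command, for comparison.
    print(audit(ENTRY_ON_PAGE.split(","), DENIED))
```
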