In IPA the Cmnd_Alias is more like the sudo command group. 

Basically you have 2 options on how you want to input sudo commands for rules.

1. input each command as a sudo command, and then group the commands into sudo 
command groups.
2. input directly into the rule, one at a time. Very nasty, and can't be reused.

The better option is #1.  This is so you can reuse the command for different 
command groups.

The only way i have found to input multiple entries at a time, is to have all 
of the commands in a file, and then do a loop and add them in.  You will still 
have to add them into command groups, and sudo rules. Kind of like this.  Make 
sure you have kerberos credentials too, otherwise it will fail.

example file - /tmp/list - notice the quotes.. very important if there are 
spaces in the command
'cat /etc/passwd'

example loop:  The single quotes will carry over from the file so that the 
command is added in it's entirety.
while read -r line; do ipa sudocmd-add $line; done < /tmp/list

You can make it fancier by adding a second entry in each line and add the 
description, but got to leave something to the imagination. lol. 

Hope that helps
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to