Aaron, I am just now returning to this, had lots of production issues which 
took priority.  However I just did what you said, added them individually and 
used a for loop w/ single quotes around the commands EVEN the ones w/ spaces 
and extra options.  It added a lot of them but not always corrects.  Sometimes 
it would miss half of the options, other times it would take the command and 
think that a '*' was a command. 
For example:to start tomcat 5 & 7 I have '/etc/init.d/tomcat5 
*''/etc/init.d/tomcat7 *'It stripped the end single quote.
Thoughts?
 

    On Friday, November 10, 2017 8:33 AM, Andrew Meyer via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 I will check this out and get back to you.  thank you. 

    On Friday, November 10, 2017 8:04 AM, Aaron Cole via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 In IPA the Cmnd_Alias is more like the sudo command group. 

Basically you have 2 options on how you want to input sudo commands for rules.

1. input each command as a sudo command, and then group the commands into sudo 
command groups.
2. input directly into the rule, one at a time. Very nasty, and can't be reused.

The better option is #1.  This is so you can reuse the command for different 
command groups.

The only way i have found to input multiple entries at a time, is to have all 
of the commands in a file, and then do a loop and add them in.  You will still 
have to add them into command groups, and sudo rules. Kind of like this.  Make 
sure you have kerberos credentials too, otherwise it will fail.

example file - /tmp/list - notice the quotes.. very important if there are 
spaces in the command
'/usr/bin/less'
'/usr/bin/vim'
'cat /etc/passwd'

example loop:  The single quotes will carry over from the file so that the 
command is added in it's entirety.
while read -r line; do ipa sudocmd-add $line; done < /tmp/list

You can make it fancier by adding a second entry in each line and add the 
description, but got to leave something to the imagination. lol. 

Hope that helps
Aaron.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   _______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to