Mark Potter via FreeIPA-users wrote: > I am trying to create a default sudo environment that is applied to all > users in addition to anything from other groups. This would include > things like "secure_path" and a few env lines. However I cannot seem to > get this to work. I understand that the highest number in "Sudo order" > is processed first but regardless of ordering I cannot seem to apply a > default along with other sudo groups. I would expect that if this > default was numbered "1" and everything else was higher that it would > apply the Sudo options what I'm seeing in practice is that the options > aren't additive and if a higher numbered rule doesn't contain them that > they are removed. Is this the expected behavior here? > > For example if I have: > > env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" > > In a sudo group called "Default" and that group is set for all users on > all hosts with Commands and As whom all set to "Specified" with Sudo > order of 1, then a group called "IT" with set for all users, all hosts, > all commands, any user, any group with a Sudo order of 2 it appears that > the Sudo options aren't applied and only what's set for "IT". > > If there is no inheritance I can work with that but I would be brilliant > if I I have simply missed something simple and can configure a default > set of options.
You want the defaults sudorule. See sudoers.ldap(5). rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
