On Tue, 2 Feb 2021 at 10:03, Mustapha Aissat via FreeIPA-users <
[email protected]> wrote:

> Hi all,
>
> I have a question regarding sudo command and rules in FreeIPA, is it
> possible to allow a user to only install packages and not remove?
> For example, the sudo command will look like: /usr/bin/dnf install *****
>
> I tried to configure sudo command as "/usr/bin/dnf install" and it didn't
> work
> If I set the command to "/usr/bin/dnf" it works. But the user is also
> allowed to remove packages!
>
>
The sudo command only controls the commands that are allowed to be run and
not arguments, as that has a lot of places where such parsing can go wrong
and leak out. Also, many commands have some sort of built-in shell mode
which any parsing would be defeated by. Installing packages is by default a
problematic issue because one could have an rpm which on installation
removes other packages (or requires packages to be removed for it to be
installed).

I would read some tutorials on what you are trying to do as I think this is
actually outside of IPA and falls into normal system administration.



> Any suggestions please?
>
> Best regards,
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
>


-- 
Stephen J Smoogen.
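
One way to narrow the argument surface discussed in this thread, as an added example that is not part of the original messages: a wrapper script that accepts only plain package names and is listed as the sudo command instead of /usr/bin/dnf. The script name dnf-install-only, its location, and the allowed character set are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper (assumed name: dnf-install-only). The sudo rule would
# allow this script rather than /usr/bin/dnf itself, so the caller never
# chooses the dnf subcommand or its options.
LC_ALL=C
export LC_ALL

# Return 0 only if every argument looks like a plain repository package name.
validate_pkg_args() {
    [ "$#" -gt 0 ] || return 1
    for arg in "$@"; do
        case "$arg" in
            '')    return 1 ;;   # empty argument
            -*)    return 1 ;;   # any option, e.g. --allowerasing
            */*)   return 1 ;;   # local paths and URLs
            *.rpm) return 1 ;;   # package files supplied by the caller
            *[!A-Za-z0-9._+-]*) return 1 ;;  # globs, spaces, @groups, shell metacharacters
        esac
    done
    return 0
}

main() {
    if ! validate_pkg_args "$@"; then
        echo "usage: dnf-install-only PACKAGE..." >&2
        return 64
    fi
    # The subcommand is fixed here; only validated names are passed on.
    exec /usr/bin/dnf install "$@"
}

# Run only when invoked under the wrapper's (assumed) name.
case "$0" in
    *dnf-install-only) main "$@" ;;
esac
```

This limits what the caller can pass on the command line only; as the reply above notes, a package can still remove or replace other packages when it is installed, so the enabled repositories remain part of the trust decision.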