Using freeipa from RHEL8.1, I try to create sudo rules (from the GUI). * "foo" and "bar" are ipa users * "ext" is a local user present on all machines
The rule allow user "foo" to run "/bin/bash" on any host as user "bar" works fine, i.e. I can log in as "foo" and run # su - foo $ sudo -u bar /bin/bash -> OK However, if I create a similar rule for the external user it does not work allow external user "ext" to run "/bin/bash" on any host as user "bar" => # su - ext $ sudo -u bar /bin/bash -> denied -- $ ipa sudorule-show test Rule name: test Enabled: TRUE Host category: all External User: ext Sudo Allow Commands: /bin/bash RuaAs Users: bar What am I doing wrong? Ciao Dominik ^_^ ^_^ -- Dominik Vogt _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure