We have many users that run GNU/Linux workstations. At the moment everyone is using local accounts. We want to convert them to IPA clients and still allow them sudo privileges on their own workstations.
It's easy to grant them access to their workstations by making them all a member of a "workstation" AD group and letting them login with ssh, GNOME, etc. What's less obvious is how to centrally give them sudo access only on their own workstations. I could create an HBAC rule per person to give them sudo privileges to their own workstation, but then I'll have to make hundreds of rules. The only solution appears to be to keep the access (i.e. ssh, desktop environment) centrally controlled in IPA, but make the custom sudo access locally controlled. Is this the only way to do what I want? Thanks in advance. -- Ranbir _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue