On Аўт, 03 вер 2024, alexey safonov via FreeIPA-users wrote:
Hi,
I've checked all related output in Google search and this mailing
list, but still have no answer to a question, why secure_path option
is ignored by IPA?
here is what I have in IPA
Sudo Option: !requiretty, !authenticate,
secure_path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
here is the output
[aaa@bbbb ~]$ sudo printenv PATH
/sbin:/bin:/usr/sbin:/usr/bin
for some reason that path is only taken from /etc/sudoers file
IPA LDAP is just a store for SUDO rules. The heavy lifting is done by
SSSD sudoers plugin. You can use
https://sssd.io/troubleshooting/sudo.html to generate SUDO and SSSD logs
and see whether a particular rule or options are present and sent to
SUDO for processing.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
