On 01/18/2012 11:50 AM, JR Aquino wrote:
> On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:
> 
>> I can't really figure out what the proper syntax is for the sudo rules
>> in IPA. I have a number of options that I would like included by
>> default, I have put them in place, from ipa sudorule-show:
>>
>> Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
>> mail_no_host, mail_no_perms, syslog = local2
> 
> It looks to be getting confused by the whitespace.
> 
> Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to: 
> env_keep="LESSSECURE"
> syslog=local2
> 
> Let me know if that helps.
> 
> Also, can you post a compare against:
> 
> ipa sudorule-show defaults
> 
> vs
> 
> <a host you want to run sudo on> $ sudo -l
> 
> 
>>
>> This doesn't appear to work, when sudo is run:
>>
>> sudo: unknown defaults entry `env_keep '
>> sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms,
>> syslog '
>>
>> One thing that jumps out at me is that the '= whatever' portion is not
>> being maintained.
>>
>> The directions in the IDM guide are less than clear, simply referencing
>> the sudoers page for options. These are all valid sudo options, this is
>> basically a straight port over from a sudoers file.
>>
>> So anyone have any experience doing this bit?
>>
>> -Erinn
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

It looks like this was actually ttwo problems, one the quoting, and the
second that via the web ui, I had put multiple options on a single line
separated by a comma, so initially one rule was:
mail_badpass, mail_no_host, mail_no_perms, syslog = local2

After fixing the spacing issue, as well as putting each into it's own
statement everything worked just fine.

There should probably either be better documentation, or better
validation of input for those options, or ideally both :). I reckon I
will open a bug up.

Thanks for the help,

-Erinn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to