On 01/18/2012 11:50 AM, JR Aquino wrote:
> On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:
>
>> I can't really figure out what the proper syntax is for the sudo rules
>> in IPA. I have a number of options that I would like included by
>> default, I have put them in place, from ipa sudorule-show:
>>
>> Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass,
>> mail_no_host, mail_no_perms, syslog = local2
>
> It looks to be getting confused by the whitespace.
>
> Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to:
> env_keep="LESSSECURE"
> syslog=local2
>
> Let me know if that helps.
>
> Also, can you post a compare against:
>
> ipa sudorule-show defaults
>
> vs
>
> <a host you want to run sudo on> $ sudo -l
>
>
>>
>> This doesn't appear to work, when sudo is run:
>>
>> sudo: unknown defaults entry `env_keep '
>> sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms,
>> syslog '
>>
>> One thing that jumps out at me is that the '= whatever' portion is not
>> being maintained.
>>
>> The directions in the IDM guide are less than clear, simply referencing
>> the sudoers page for options. These are all valid sudo options, this is
>> basically a straight port over from a sudoers file.
>>
>> So anyone have any experience doing this bit?
>>
>> -Erinn
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
It looks like this was actually two problems, one the quoting, and the second that via the web UI, I had put multiple options on a single line separated by a comma, so initially one rule was:

mail_badpass, mail_no_host, mail_no_perms, syslog = local2

After fixing the spacing issue, as well as putting each into its own statement, everything worked just fine.

There should probably either be better documentation, or better validation of input for those options, or ideally both :). I reckon I will open a bug up.

Thanks for the help,

-Erinn
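The fix reached in this thread (one sudo option per entry, no whitespace around the operator), sketched as an added example that is not part of the original messages or of FreeIPA itself. The function names are hypothetical; the rule name `defaults` and the option line come from the thread, and the output is one `ipa sudorule-add-option` command per option.

```python
import re
import shlex

# Operators sudoers accepts between a Defaults name and its value.
_OP = re.compile(r'\s*(\+=|-=|=)\s*')

def split_options(line):
    """Split on commas that sit outside double quotes."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in line:
        if escaped:
            escaped = False
        elif ch == '\\':
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ',' and not quoted:
            parts.append(''.join(buf))
            buf = []
            continue
        buf.append(ch)
    if quoted:
        raise ValueError('unterminated double quote: %r' % line)
    parts.append(''.join(buf))
    return [p.strip() for p in parts if p.strip()]

def normalize(opt):
    """Drop whitespace around the operator; reject names sudo would not parse."""
    m = _OP.search(opt)
    name = opt if m is None else opt[:m.start()]
    if not re.fullmatch(r'!?\w+', name):
        raise ValueError('malformed option name: %r' % opt)
    if m is None:
        return opt  # boolean flag such as env_reset
    value = opt[m.end():]
    if not value:
        raise ValueError('operator without a value: %r' % opt)
    return name + m.group(1) + value

def ipa_commands(rule, line):
    """Build one 'ipa sudorule-add-option' call per option in the line."""
    return ['ipa sudorule-add-option %s --sudooption=%s'
            % (shlex.quote(rule), shlex.quote(normalize(o)))
            for o in split_options(line)]

# The option line from the thread, as it was entered in a single field.
THREAD_LINE = ('env_keep = "LESSSECURE", env_reset, mail_badpass, '
               'mail_no_host, mail_no_perms, syslog = local2')

if __name__ == '__main__':
    print('\n'.join(ipa_commands('defaults', THREAD_LINE)))
```

Comparing `ipa sudorule-show defaults` with `sudo -l` on a client, as suggested earlier in the thread, confirms whether each stored option is parsed as intended.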