This is exactly my sort of thing as well.

We seem to be in the freeipa group yet ppl are telling me to use one 
has really said you cannot do this in IPA, or you can and this is how......


The very idea of using IPA is to stop having to do such local configuration....


From: [] on behalf of KodaK []
Sent: Wednesday, 18 July 2012 3:50 a.m.
Subject: [Freeipa-users] another sudo su question

I've been banging my head on this for a couple of days, and I can't
find anything in the docs or by searching.

I'm trying to do what I think should be pretty simple:  I have a group
of users and an application account, all in IPA.  I want users in that
group to be able to "sudo su - appacct".

What I've found is that I probably can't do it exactly like that, so
now I'm trying "sudo -i appacct", but I can't get that to work either.

My rule is set up like this:

rule name:  become-appacct
sudo option:  -i appacct       (I'm not sure this is right.)
user groups:  admins, appgroup
host groups:  apphostgroup

Everything else is blank.  Note that this is just the current
configuration, I've tried a bunch of iterations.

Any help?



The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6

