Thanks...yes I don't care "how" as such. I'm trying to translate traditional
linux/unix ways of doing things into IPA where possible...maybe that's where
I'm communicating poorly and causing confusion, sorry about that.
It's like English and French, I want the French but only have the English words
to ask in.
su - root can be local, that's OK as that is unique and exists locally. But I
need to do a lot of as kodak wants and have a group of users login as
themselves and then get to an application "user". Typically this would be say
oracle...but I don't want the user oracle to be able to ssh in...so that can be
IPA controlled, I know, which I'd rather do than putting a deny into
sshd_config....as when you want to refresh a database you could have an HBAC for
Oracle defined between 2 specific hosts for a set length of time say.
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
behalf of Erinn Looney-Triggs [erinn.looneytri...@gmail.com]
Sent: Wednesday, 18 July 2012 10:17 a.m.
Subject: Re: [Freeipa-users] How to set a user group rule to allow su - oracle
On 07/17/2012 02:06 PM, Steven Jones wrote:
> Can I get this clarified as I am getting really confused,
> Can I do this in/via IPA or not?
> Yes or no I think will suffice.
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272
> *From:* Arpit Tolani [arpittol...@gmail.com]
> *Sent:* Tuesday, 17 July 2012 11:13 p.m.
> *To:* Steven Jones
> *Cc:* Rob Crittenden; email@example.com
> *Subject:* Re: [Freeipa-users] How to set a user group rule to allow su
> - oracle only?
I think that is because you are talking about two separate things. You
want to control entry to root via su, this may or may not be
controllable with IPA, but probably not.
You want to control entry to the oracle user via sudo and restrict that
to a group of users, that is entirely possible within IPA.