Hi,
I have a sudo rule in IPA that has the !authenticate option added to enable
admins to execute certain programs as root without authentication.
It doesn't work. There is another rule for the admins that allows all
commands as long as they give their password.
In a sudoers file, you can solve this by specifying the nopasswd rule as
last.
sudo -l from an IPA-client gives me this:
*******@svr001 ~]$ sudo -l
Matching Defaults entries for ******* on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS
DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1
PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User ******** may run the following commands on this host:
(root) NOPASSWD: ALL
(root) /bin/cat, /bin/egrep, /bin/find, /bin/grep, /bin/ls, /bin/more,
/usr/bin/less, !/bin/su
(root) NOPASSWD: /usr/bin/cobbler
(root) !/bin/su
I want the cobbler command to run without password authentication. What am
I doing wrong?
_______________________________________________
Freeipa-users mailing list
https://www.redhat.com/mailman/listinfo/freeipa-users
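
The sudoers-file ordering behaviour the post refers to, as an added example that is not part of the original message: a simplified Python model of last-match-wins evaluation. The `Rule` class, the `evaluate` function, exact-path matching and both sample rule orderings are constructed assumptions; only `/usr/bin/cobbler` and `/bin/su` are taken from the post.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Rule:
    """One sudoers entry (simplified model, not sudo's own parser)."""
    commands: List[str]      # "ALL" matches any command, a leading "!" negates
    nopasswd: bool = False   # True models NOPASSWD (the !authenticate option)


def evaluate(rules, command):
    """Return 'denied', 'password' or 'nopasswd' for a command.

    Entries are walked in file order and every match overwrites the
    previous result, so the last matching entry decides the outcome.
    """
    result = "denied"        # no matching entry at all means no access
    for rule in rules:
        for spec in rule.commands:
            negated = spec.startswith("!")
            pattern = spec[1:] if negated else spec
            # Assumption: exact path comparison only, no wildcards.
            if pattern == "ALL" or pattern == command:
                if negated:
                    result = "denied"
                else:
                    result = "nopasswd" if rule.nopasswd else "password"
    return result


# Constructed sample rules for a hypothetical admins group.
COBBLER = Rule(["/usr/bin/cobbler"], nopasswd=True)
ALL_WITH_PASSWORD = Rule(["ALL", "!/bin/su"])

NOPASSWD_FIRST = [COBBLER, ALL_WITH_PASSWORD]   # password rule overrides
NOPASSWD_LAST = [ALL_WITH_PASSWORD, COBBLER]    # NOPASSWD rule wins

if __name__ == "__main__":
    for name, rules in (("NOPASSWD first", NOPASSWD_FIRST),
                        ("NOPASSWD last", NOPASSWD_LAST)):
        for cmd in ("/usr/bin/cobbler", "/bin/ls", "/bin/su"):
            print(f"{name:15} {cmd:18} -> {evaluate(rules, cmd)}")
```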