Hi, I have a sudo rule in IPA that has the !authenticate option added to enable admins to execute certain programs as root without authentication.
It doesn't work. There is another rule for the admins that allow all commands as long as they give their password. In a sudoers file, you can solve this by specifing the nopasswd rule as last. sudo -l from an IPA-client gives me this: *******@svr001 ~]$ sudo -l Matching Defaults entries for ******* on this host: requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin User ******** may run the following commands on this host: (root) NOPASSWD: ALL (root) /bin/cat, /bin/egrep, /bin/find, /bin/grep, /bin/ls, /bin/more, /usr/bin/less, !/bin/su (root) NOPASSWD: /usr/bin/cobbler (root) !/bin/su I want the cobbler command to run without password authentication. What am I doing wrong?
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users