Hi,

I have a sudo rule in IPA that has the !authenticate option added to enable
admins to execute certain programs as root without authentication.

It doesn't work. There is another rule for the admins that allow all
commands as long as they give their password.

In a sudoers file, you can solve this by specifing the nopasswd rule as
last.

sudo -l from an IPA-client gives me this:

*******@svr001 ~]$ sudo -l
Matching Defaults entries for ******* on this host:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS
    DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1
    PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
    LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
    LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
    LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User ******** may run the following commands on this host:
    (root) NOPASSWD: ALL
    (root) /bin/cat, /bin/egrep, /bin/find, /bin/grep, /bin/ls, /bin/more,
    /usr/bin/less, !/bin/su
    (root) NOPASSWD: /usr/bin/cobbler
    (root) !/bin/su

I want the cobbler command to run without password authentication. What am
I doing wrong?
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to