Is there a proper way in sudo rules to allow any command and exclude only
%test_group ALL= (ALL) ALL, !SU, !SHELLS
If I try to do this (gui/cli) I get an error:
ipa: ERROR: commands cannot be added when command category='all'
Non proper way (bug ?) is to first add deny groups and after that add allow
It should be fixed in this, but it seems to still work
Freeipa-users mailing list