Ok, thanks.
2014-05-07 15:15 GMT+02:00 Rob Crittenden <[email protected]>: > Szymon Jazy wrote: > >> Hello, >> Is there a proper way in sudo rules to allow any command and exclude >> only some groups? >> Something like: >> %test_group ALL= (ALL) ALL, !SU, !SHELLS >> If I try to do this (gui/cli) I get an error: >> ipa: ERROR: commands cannot be added when command category='all' >> > > Unfortunately no. I opened https://fedorahosted.org/freeipa/ticket/4340 > > > Non proper way (bug ?) is to first add deny groups and after that add >> allow all :) >> It should be fixed in this, but it seems to still work >> (freeipa-server-3.3.4-3) >> https://fedorahosted.org/freeipa/ticket/1440 >> > > Right, it was an incomplete fix. I opened https://fedorahosted.org/ > freeipa/ticket/4341 to address that, though to be coordianted with 4340 > so we don't remove your workaround first. > > rob > >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
