Re: [Freeipa-users] How to use sudo rules on ubuntu

Mon, 01 Sep 2014 09:09:06 -0700 

On (01/09/14 17:52), Tevfik Ceydeliler wrote:
>
>1. I think I configure instead of this document
Sorry you didn't.

>2. I can login with ordinary user
login and sudo are not the same think.

My FreeIPA server is alredy properly configured with sudo rules.
I tried to install freipa-client on ubuntu 14.04 and it owrked without any
problem.

>>Step 0: Install freipa-client on ubuntu 14.04 and configure sudo integration
root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf

root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam, sudo

>>Step 1: configure sudo rules for ordinary user
>>     Please follow the instructions from FreeIPA documentation.
>>     http://www.freeipa.org/docs/master/html-desktop/index.html#sudo
>>
  This step was skipped, becuase it was already done few months ago :-)

>>Step 2: login to machine as ordinary user, which is allowed to use sudo.
$ su usersssd01
Password:
$ id
uid=325600011(usersssd01) gid=325600011(usersssd01) 
groups=325600011(usersssd01),30011(biggroup1)

>>Step 3: run command
>>     sudo -l
>>     // this command should show you which commands can be executed as root
>>     // with sudo
$ sudo -l
sudo: unable to resolve host ubuntu1404.example.test
[sudo] password for usersssd01:
Matching Defaults entries for usersssd01 on ubuntu1404:
    env_reset, mail_badpass,
    
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User usersssd01 may run the following commands on ubuntu1404:
    (root) /usr/bin/less, /usr/bin/vim

>>Step 4: If there weren't any problems then user will be able to run command.
>>     sudo some_command_listed_in_step3
$ sudo /usr/bin/less /etc/shadow | wc -l
21
$ echo $?
0

$ sudo apt-get install mc
Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' 
as root on ubuntu.example.test.
$ echo $?
1

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to