I am trying to figure out how (or if its even possible) to use wildcard type sudo rules in FreeIPA.
I setup Sudo rules usage and so far seems to be working - at least if I setup ALL type rules for Hosts. However it looks like I have to add specifc allowed hosts in the GUI as they either appear in the host list or add them in the External option box. However that makes it messy / non scalable if I want to create a group of users that have access to a large number of host types, say db servers or something. File based sudo rules allow for constructs such as: someusername *dbserver* = /opt/appname/admintools/run_admin_tools.sh Which allows someuser to have sudo options on any hostname matching *dbserver* and then run the command allowed. This all currently seems doable in IPA except the wildcard part for hostnames / domains etc. Apologizes if I missed this in the docs. Thanks in advance for any ideas (command line methods?) Running: ipa-server-3.0.0-37 sssd-1.9.2 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project