On 05/12/2015 04:44 PM, Andrey Ptashnik wrote:
We have RHEL 7.1 and IPA server 4.1.0 in our environment as well as
stack of Oracle software that require existence of local passwordless
users like weblogic and oracle.
Users log in to servers via domain accounts at IPA server.
I'm trying to configure Sudo policy in IPA server that will allow
users in the company to log in to servers in IPA domain and switch to
weblogic or oracle user without having to enter any passwords, but
also without increasing their privileges to root.
Using plain /etc/sudoers file it can be accomplished something like below:
%users ALL = (root)
Users will be who of the IPA sudo rule
This will be an option that you would put into the sudo rule
/bin/su -- oracle
This will be the command. You create a command and then reference it in
At least this is what I would try.
How can I configure this behavior in IPA server?
Director of Engineering for IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project