On Tue, Sep 15, 2015 at 01:58:07PM +0300, Alexander Bokovoy wrote:
> On Tue, 15 Sep 2015, Molnár Domokos wrote:
> >>#hostnamectl set-hostname nappali.silva
> >>on modern systems.
> >>>doma@nappali:/home/doma> hostname --fqdn
> >doma@nappali:/home/doma> su
> >nappali:/home/doma # hostnamectl set-hostname nappali.szilva
> >nappali:/home/doma # hostname
> >nappali:/home/doma # hostname --fqdn
> >nappali.szilvanappali:/home/doma # su doma
> >sh-4.2$ sudo ls
> >doma's password:
> > Now it works, the rule is matched.I'm not sure this is the
> > intended way especially seeing the fqdn mechanism in the sudo code
> > but I'll just keep it that way.Thank you.
> sudo doesn't do normalization and IPA's way of exposing host names is
> by using by default fqdn. So sudo compares local hostname with
> fqdn-based one, guess which way it will succeed?
> You theoretically could have every hostname in IPA registered non-fqdn
> but what you cannot have is a mix between fqdn- and non-fqdn names.
You can have registered a different hostname with IPA than what
hostname(1) reports, we have an ipa_hostname parameter for that. But
there's no way for sudo to learn about it..
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project