On Tue, Sep 15, 2015 at 01:58:07PM +0300, Alexander Bokovoy wrote: > On Tue, 15 Sep 2015, Molnár Domokos wrote: > >>#hostnamectl set-hostname nappali.silva > >>on modern systems. > >> > >>>doma@nappali:/home/doma> hostname --fqdn > >>>nappali.szilva > >doma@nappali:/home/doma> su > >Password: > >nappali:/home/doma # hostnamectl set-hostname nappali.szilva > >nappali:/home/doma # hostname > >nappali.szilva > >nappali:/home/doma # hostname --fqdn > >nappali.szilvanappali:/home/doma # su doma > >sh-4.2$ sudo ls > >doma's password: > >20140921.ZIP > >Oracle_VM_VirtualBox_Extension_Pack-4.3.26-98988.vbox-extpack > >42646515_eb8d7dcabe416247463f1bc8652adced.pdf > > Now it works, the rule is matched.I'm not sure this is the > > intended way especially seeing the fqdn mechanism in the sudo code > > but I'll just keep it that way.Thank you. > sudo doesn't do normalization and IPA's way of exposing host names is > by using by default fqdn. So sudo compares local hostname with > fqdn-based one, guess which way it will succeed? > > You theoretically could have every hostname in IPA registered non-fqdn > but what you cannot have is a mix between fqdn- and non-fqdn names.
You can have registered a different hostname with IPA than what hostname(1) reports, we have an ipa_hostname parameter for that. But there's no way for sudo to learn about it.. > -- > / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project