On 10/08/2015 04:26 PM, Karl Forner wrote:
you are prompted for password because (ALL) ALL rule is applied because of last-match
rule. > > > See: http://www.sudo.ws/man/1.8.13/sudoers.ldap.man.html sudoOrder.
Ok. I updated the rules to use a sudoorder attribute of 100 for the
/usr/bin/less sudo rule.
Now, if I type in a terminal:
Matching Defaults entries for karl on midgard:
User karl may run the following commands on xxxx:
(root) NOPASSWD: /usr/bin/git status, /usr/local/bin/git status
(ALL) NOPASSWD: /usr/bin/less
so my less rule is the last one. So far so good.
%sudo -l less
but if I type in a new terminal:
%sudo less .bashrc
[sudo] password for karl:
I am prompted to type in a password.
So there seems to be a problem, right ?
we have a bug in sssd in versions prior 1.13.1:
where sudoOrder attribute is treated the other ways around. Please, try
inverting the order. What version of sssd do you use?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project