That does seem to work for me as well, however I can only add the external user via the web-gui
Any idea how to do this with the command line tools ? Rob Verduijn 2016-02-04 17:00 GMT+01:00 Baird, Josh <jba...@follett.com>: > Actually, I use local (external) users in my sudo rules in IPA 4.2 with no > problem. > > Example: > > Rule name: TestDBAs > Description: access for members of the TestDBAs group > Enabled: TRUE > Command category: all > User Groups: testdbas > Host Groups: corp_oracle > RunAs External User: oracle > > In this example, 'oracle' is a local user on the server (not in IPA). I hope > this functionality does not go away. > > Thanks, > > Josh > >> -----Original Message----- >> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users- >> boun...@redhat.com] On Behalf Of Rob Verduijn >> Sent: Thursday, February 04, 2016 10:54 AM >> To: Jakub Hrozek >> Cc: freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] what is the sudo rule runasuser local user >> account >> >> On Centos7.2 all patches applied I used the command: >> ipa-client-install --enable-dns-updates >> >> Rob >> >> 2016-02-04 16:45 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>: >> > On Thu, Feb 04, 2016 at 03:52:25PM +0100, Rob Verduijn wrote: >> >> Hello, >> >> >> >> I've noticed that the sudorule-add-runasuser no longer has en >> >> --external option >> >> >> >> What is the current method to add a local service account to a sud >> >> rule list so that users may run sudo as that service account (ie >> >> apache or jboss) >> >> >> >> Cheers >> >> Rob Verudijn >> > >> > I know I'm not answering your question but how did you configure the >> > client side earlier? Did you use the native/legacy sudo ldap driver? >> > >> > The reason I'm asking this is that sssd only supports users it >> > handles, so in the IPA case it only supports IPA users anyway.. >> > >> > -- >> > Manage your subscription for the Freeipa-users mailing list: >> > https://www.redhat.com/mailman/listinfo/freeipa-users >> > Go to http://freeipa.org for more info on the project >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
