Hi all, I tried and figured it out.

ipa sudorule-add-runasuser <sudo_rule_name> --users=<local-service-account>

is the command syntax I was looking for. I guess that if the --users isn't an ipa user it is automatically flagged as an external user.

Cheers
Rob Verduijn

2016-02-04 17:33 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>:
> On Thu, Feb 04, 2016 at 04:00:50PM +0000, Baird, Josh wrote:
>> Actually, I use local (external) users in my sudo rules in IPA 4.2 with no
>> problem.
>>
>> Example:
>>
>> Rule name: TestDBAs
>> Description: access for members of the TestDBAs group
>> Enabled: TRUE
>> Command category: all
>> User Groups: testdbas
>> Host Groups: corp_oracle
>> RunAs External User: oracle
>
> ipaSudoRunAsExtUser, ipaSudoRunAsExtGroup and ipaSudoRunAsExtUserGroup
> -- that's the user you want to run sudo as. That's still supported.
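
An added example, not part of the original thread or of FreeIPA itself: a small audit script that reads sudo rule entries in LDIF form and reports the rules whose RunAs identity is held in one of the external attributes named above, which is where a local service account such as oracle ends up. The LDIF sample, its DNs and the WebAdmins rule are constructed for illustration; the function names are hypothetical.

```python
"""Report IPA sudo rules whose RunAs identity is an external (non-IPA) name."""

# Constructed sample shaped like ldapsearch output for IPA sudo rules.
# The DNs, unique IDs and the WebAdmins rule are made up for illustration.
SAMPLE_LDIF = """\
dn: ipaUniqueID=1111,cn=sudorules,cn=sudo,dc=example,dc=test
cn: TestDBAs
ipaEnabledFlag: TRUE
cmdCategory: all
ipaSudoRunAsExtUser: oracle

dn: ipaUniqueID=2222,cn=sudorules,cn=sudo,dc=example,dc=test
cn: WebAdmins
ipaEnabledFlag: TRUE
ipaSudoRunAs: uid=webadmin,cn=users,cn=accounts,dc=example,dc=test
"""

# Attributes quoted in the thread, lowercased (LDAP attribute names are
# case-insensitive).
EXT_ATTRS = ("ipasudorunasextuser", "ipasudorunasextgroup",
             "ipasudorunasextusergroup")


def parse_ldif(text):
    """Return entries as dicts of lowercase attribute -> list of values.

    Handles folded lines and comments; base64 ("attr:: ...") values are
    kept undecoded.
    """
    entries, current = [], {}
    unfolded = text.replace("\n ", "")  # continuation lines start with a space
    for line in unfolded.splitlines() + [""]:  # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def external_runas(entries):
    """Map rule name -> {attribute: values} for rules with external RunAs."""
    report = {}
    for entry in entries:
        found = {a: entry[a] for a in EXT_ATTRS if a in entry}
        if found:
            report[entry.get("cn", ["<no cn>"])[0]] = found
    return report


if __name__ == "__main__":
    for rule, attrs in external_runas(parse_ldif(SAMPLE_LDIF)).items():
        print(rule, attrs)
```
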