hi all,

I tried and figured it out..

ipa sudorule-add-runasuser <sudo_rule_name> --users=<local-service-account>

Is the command syntax I was looking for.
I guess that if the --users isn't an ipa user it is automatically
flagged as an external user.

Rob Verduijn

2016-02-04 17:33 GMT+01:00 Jakub Hrozek <jhro...@redhat.com>:
> On Thu, Feb 04, 2016 at 04:00:50PM +0000, Baird, Josh wrote:
>> Actually, I use local (external) users in my sudo rules in IPA 4.2 with no 
>> problem.
>> Example:
>>   Rule name: TestDBAs
>>   Description: access for members of the TestDBAs group
>>   Enabled: TRUE
>>   Command category: all
>>   User Groups: testdbas
>>   Host Groups: corp_oracle
>>   RunAs External User: oracle
> ipaSudoRunAsExtUser, ipaSudoRunAsExtGroup and ipaSudoRunAsExtUserGroup
> -- that's the user you want to run sudo as. That's still supported.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to