On Mon, 02 May 2016, Jakub Hrozek wrote:
On Mon, May 02, 2016 at 10:22:49AM -0400, Rob Crittenden wrote:
Przemysław Orzechowski wrote:
> Hi
>
> Im trying to create a single usergroup for sudo enabled users for both
> Centos and Ubuntu users
> The problem is on centos its group wheel (10), and on ubuntu its sudo
> (27) how do i have tried to do it using ID view but somehow im not
> getting it right
>
> btw
> Centos clients versions 6.x, 7.x
> Ubuntu clients versions 12.04,14.04,16.04
> Ipa server is on Centos 7  IPA VERSION: 4.2.0, API_VERSION: 2.156
>
> Regards
> Przemyław Orzechowski
>

But aren't these groups used only if you use files for sudo (and even that
is just a default)? If you are using IPA to provide the sudo rules then the
group you choose shouldn't matter.

rob

Doesn't polkit also use membership in these group to determine if the
user is a 'local admin' ? I haven't configured this kind of setup
myself, though. But if it is the case, the user is probably looking for:
   https://sourceware.org/glibc/wiki/Proposals/GroupMerging
There are many ways to achieve the same:
http://www.freeipa.org/page/Howto/FreeIPA_PolicyKit

I'd prefer to use HBAC and set 'polkit-1' and 'sudo' services via HBAC
rules to grant access on the machines.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to