I have a problem using sudo policy in FreeIPA when target commands use
environment variables defined on a specific local user's profile.

Here is the problem:

1- There is a client machine with local user called *srvusr .*this user has
permission to run *target_cmd*.

2- *target_cmd* is dependent on environment variables defined in *srvusr'*s
profile. Even before joining to FreeIPA, users had to use "su *srvusr*"
command to get permission for executing the *target_cmd*.

3- I defined a sudo policy for *target_cmd* to be executed by external
user   permissions (*srvusr)*.

4- when I run sudo -l on client machine it says IPA user has permission to
run  *target_cmd* with *srvusr* privileges.

5- The command I run with my IPA user is:
$ sudo -H  -u  *srvusr*  */path/to/**target_cmd*    *target_cmd**_argument*
$ sudo -H  -u  *srvusr*  */path/to/**target_cmd*

I used -H to inherit target user's environment variables

The command fails to run and the error is:

 "Check environment error! environment not defined or NULL"

I would be glad if someone help me to find a solution for that!

thanks for your advice in advance
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to