Hello,

I want to know how I can give directory permissions on a client to a domain user in FreeIPA.

I'm using the "runasuser" feature in sudo policy to give my domain users permission to run local services on a client. Here is an example: I have a service on my client called "abc", located at "/home/abc/" and run locally by a local user called "abc". I have used the runasuser feature in sudo policy rules to let domain users (say: [email protected]) run the service. usr can run scripts, read and edit files, and stop/start services using abc's permissions without any problem.

But the problem I have faced is that when I want "usr" to traverse subdirectories under "/home/abc/", it doesn't work. I have defined a sudocmd for the cd command and added it as an allow-command to the appropriate sudorule. My sudocmd definitions are like this:

    ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/'
    ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/m/'
    ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/q/'

While usr can run the cd command without error, it doesn't work, and pwd still shows /home/usr as the current directory. What usr runs is:

    $ sudo -u abc cd /home/abc/m/

--
respectfully
m-dehghan
