Hello,

I want to know how I can give directory permissions on a client to a domain
user in FreeIPA.


I'm using "runasuser" feature in sudo policy to give my domain users
permission to run local services on client.

Here is an example:
I have a service on my client called "*abc*" located at "/home/abc/" and
locally run by local user called "*abc*"

I have used runasuser feature in sudo policy rules to let domain users
(say: *u...@mydomain.dc*) run the service. *usr* can run scripts, read and
edit files and stop/start services, using *abc*'s permissions and without
any problem.

But the problem I have faced is, when I want "*usr*" to traverse
subdirectories under "*/home/abc/*" it doesn't work.
I have defined sudocmd for cd command and added it as allow-command to
appropriate sudorule. My sudocmd definitions are like this:


*ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/'*

*ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/m/'*
*ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/q/'*

While *usr* can run the *cd* command without error, it doesn't work and
*pwd* still shows */home/usr* as current directory.
What *usr* runs is:
*$ sudo -u abc cd /home/abc/m/*
-- 
respectfully
m-dehghan
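
Why the `sudo -u abc cd ...` call in the message above leaves `pwd` unchanged, as an added example that is not part of the original message: a working directory belongs to a single process, so a `cd` done in the child that sudo starts ends with that child. Here `sh -c` stands in for `sudo -u abc` and the temporary tree stands in for `/home/abc/m`; both, and the function names, are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: a temporary tree stands in for /home/abc/m, and `sh -c`
# stands in for `sudo -u abc` (each starts a separate child process).
DEMO_ROOT=$(cd "$(mktemp -d)" && pwd -P)
mkdir -p "$DEMO_ROOT/m"
: > "$DEMO_ROOT/m/service.conf"

# The child changes directory and exits; report where the caller is afterwards.
cwd_after_child_cd() {
    sh -c 'cd "$1"' sh "$1"
    pwd -P
}

# Same cd, but the follow-up command runs inside the same child process.
cwd_inside_child() {
    sh -c 'cd "$1" && pwd -P' sh "$1"
}

# List the directory from inside the child, as a combined command would.
list_inside_child() {
    sh -c 'cd "$1" && ls' sh "$1"
}

START_DIR=$(pwd -P)
echo "caller before:         $START_DIR"
echo "caller after child cd: $(cwd_after_child_cd "$DEMO_ROOT/m")"
echo "inside child:          $(cwd_inside_child "$DEMO_ROOT/m")"
echo "listing inside child:  $(list_inside_child "$DEMO_ROOT/m")"
```

With real sudo, the combined form needs a rule that lets the user start a shell as the target account, and such a rule permits any command as that account, not only the listed ones.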