I want to know how I can give directory permissions on a client to a domain
user in FreeIPA.
I'm using the "runasuser" feature in sudo policy to give my domain users
permission to run local services on the client.
Here is an example:
I have a service on my client called "*abc*" located at "/home/abc/" and
locally run by a local user called "*abc*".
I have used the runasuser feature in sudo policy rules to let domain users
(say: *u...@mydomain.dc*) run the service. *usr* can run scripts, read and
edit files and stop/start services, using *abc*'s permissions and without
But the problem I have faced is, when I want "*usr*" to traverse
subdirectories under "*/home/abc/*" it doesn't work.
I have defined sudocmd entries for the cd command and added them as allow-commands to
the appropriate sudorule. My sudocmd definitions are like this:
*ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/'*
*ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/m/'*
*ipa sudocmd-add --desc="ttttttt" 'cd /home/abc/n/q/'*
While *usr* can run the *cd* command without error, it doesn't work and
*pwd* still shows */home/usr* as the current directory.
What *usr* runs is:
*$ sudo -u abc cd /home/abc/m/*
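The symptom described above (cd exits without error, pwd is unchanged) can be reproduced without sudo or FreeIPA, because a working directory belongs to the process that changed it. The following is an added example, not part of the original post; the function names are hypothetical and a temporary directory stands in for /home/abc/m.

```shell
#!/bin/sh
# Constructed demo: a temporary directory stands in for /home/abc/m.

# Run `cd` in a child process (sudo also runs its command as a child),
# then report the caller's working directory afterwards.
cwd_after_child_cd() {
    target=$1
    sh -c 'cd "$1"' sh "$target"   # the child changes its own cwd, then exits
    pwd -P                          # the caller's cwd is untouched
}

# Change directory and do the work inside the same child process.
cwd_inside_child() {
    target=$1
    sh -c 'cd "$1" && pwd -P' sh "$target"
}

demo() {
    dir=$(mktemp -d) || return 1
    echo "start:            $(pwd -P)"
    echo "after child cd:   $(cwd_after_child_cd "$dir")"
    echo "inside the child: $(cwd_inside_child "$dir")"
    rmdir "$dir"
}

demo
```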