The rule is defined that all members of the developer group have sudo
access to all commands available on the machines in the office group.

Jeff

On Fri, Aug 12, 2016 at 9:58 AM, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Fri, Aug 12, 2016 at 08:53:53AM -0400, Jeff Goddard wrote:
> > Jakub,
> >
> > Here is the log file output:
>
> How is the sudorule defined?
>
> > Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in group
> admin
> > Aug 12 08:45:00 sudo[31732] <- user_in_group @
> > /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false
> > Aug 12 08:45:00 sudo[31732] user jgoddard matches group admin: false @
> > usergr_matches() /build/sudo-L2mAoN/sudo-1.8.
> 16/plugins/sudoers/match.c:940
> > Aug 12 08:45:00 sudo[31732] <- usergr_matches @
>
> Here it looks like sudo tried to match user's groups against the groups
> allowed to run sudo and admin didn't match.
>



-- 
Jeff Goddard
Director of Information Technology
Emerlyn Technology

Email: jgodd...@emerlyn.com
Telephone: (603) 447-8571
Toll free: (888) 363-7596 ext. 108
Fax: (603) 356-3346
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to