The rule is defined that all members of the developer group have sudo access to all commands available on the machines in the office group.
Jeff On Fri, Aug 12, 2016 at 9:58 AM, Jakub Hrozek <[email protected]> wrote: > On Fri, Aug 12, 2016 at 08:53:53AM -0400, Jeff Goddard wrote: > > Jakub, > > > > Here is the log file output: > > How is the sudorule defined? > > > Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in group > admin > > Aug 12 08:45:00 sudo[31732] <- user_in_group @ > > /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false > > Aug 12 08:45:00 sudo[31732] user jgoddard matches group admin: false @ > > usergr_matches() /build/sudo-L2mAoN/sudo-1.8. > 16/plugins/sudoers/match.c:940 > > Aug 12 08:45:00 sudo[31732] <- usergr_matches @ > > Here it looks like sudo tried to match user's groups against the groups > allowed to run sudo and admin didn't match. > -- Jeff Goddard Director of Information Technology Emerlyn Technology Email: [email protected] Telephone: (603) 447-8571 Toll free: (888) 363-7596 ext. 108 Fax: (603) 356-3346
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
