Yes, I implemented in Policy -> Sudo -> Sudo Commands as:
Sudo Command:              NOPASSWD: /sbin/vgs

The script (executed by a non-root, administrative group user on an enrolled 
host) specifies:
hostname >> statresults.txt
cat /etc/redhat-release >> statresults.txt
uname -r >> statresults.txt
printf "\n " >> statresults.txt
sudo vgs >> statresults.txt
Running the script I still was prompted for a password. So I guess this does 
not work.

From: Jason B. Nance []
Sent: Wednesday, February 22, 2017 11:59 AM
To: Auerbach, Steven <>
Subject: Re: [Freeipa-users] sudo NOPASSWD for a single command

We have a script stored on a particular server in our realm that executes a 
number of non-privileged commands and are wanting to add /sbin/vgs command. The 
script uses SSH to then execute the same set of commands on all the servers in 
the realm.
The owner of the script is in the administrator group and there are sudoer 
commands for the administrator group in general.  We need to place a rule for 
this one command for either this group or the script owner to run NOPASSWD.
Where and how would I specify that in the IPA admin console?
Have you tried creating your command in IPA as "NOPASSWD: /sbin/vgs" (Policy -> 
Sudo -> Sudo Commands)?

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to