On 02/23/2017 03:43 PM, Auerbach, Steven wrote:
Yes, I implemented in Policy -> Sudo -> Sudo Commands as:

Sudo Command:              NOPASSWD: /sbin/vgs

NOPASSWD is used in /etc/sudoers. In IPA, create a sudo option "!authenticate" instead.

The script (executed by a non-root, administrative group user on an
enrolled host) specifies:


hostname >> statresults.txt

cat /etc/redhat-release >> statresults.txt

uname -r >> statresults.txt

printf "\n " >> statresults.txt

sudo vgs >> statresults.txt


Running the script I still was prompted for a password. So I guess this
does not work.

*From:* Jason B. Nance [mailto:ja...@tresgeek.net]
*Sent:* Wednesday, February 22, 2017 11:59 AM
*To:* Auerbach, Steven <steven.auerb...@flbog.edu>
*Cc:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] sudo NOPASSWD for a single command

    We have a script stored on a particular server in our realm that
    executes a number of non-privileged commands and are wanting to add
    /sbin/vgs command. The script uses SSH to then execute the same set
    of commands on all the servers in the realm.

    The owner of the script is in the administrator group and there are
    sudoer commands for the administrator group in general.  We need to
    place a rule for this one command for either this group or the
    script owner to run NOPASSWD.

    Where and how would I specify that in the IPA admin console?

Have you tried creating your command in IPA as "NOPASSWD: /sbin/vgs"
(Policy -> Sudo -> Sudo Commands)?

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to