Disregard .. I figured it out

just added /usr/bin fdisk -l to command list
run as user root and applied the command to sudo rule

Running as expected where sudo fdisk /dev/sda fails but sudo fdisk -l works





Sean Hogan





From:   Sean Hogan/Durham/IBM@IBMUS
To:     freeipa-users <freeipa-users@redhat.com>
Date:   03/27/2017 01:55 PM
Subject:        [Freeipa-users] Sudo Rule flag limitations
Sent by:        freeipa-users-boun...@redhat.com



Hello,

I was wondering how possible it would be to allow sudo commands with
certain flags but not the actual command

Case in point:

If a user requests sudo fdisk -l to view partitions can this be set without
giving access to sudo fdisk /dev/sda ?

Would the sudo rule have to deny fdisk /dev/sda but allow fdisk -l? Not
really sure how that would work.


                                             
 ipa-client-3.0.0-50.el6.1.x86_64            
 ipa-server-selinux-3.0.0-50.el6.1.x86_64    
 ipa-server-3.0.0-50.el6.1.x86_64            
 sssd-ipa-1.13.3-22.el6_8.4.x86_64           
 python-libipa_hbac-1.13.3-22.el6_8.4.x86_64 
 ipa-admintools-3.0.0-50.el6.1.x86_64        
 python-iniparse-0.3.1-2.1.el6.noarch        
                                             




                                    
                                    
                                    


Thank you



Sean Hogan




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to