Thanks Dominik, that did the trick!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/cod
On Fri, Jan 22, 2021 at 05:11:43PM -, Russ Long via FreeIPA-users wrote:
> OK, OK, I had a bad title, but as I mentioned in my original
> message, I've also tried creating a sudo rule that allows all
> commands to be run as
>
> "USER". Anyways, I'm now on to trying to figure out how to make
>
OK, OK, I had a bad title, but as I mentioned in my original message, I've also
tried creating a sudo rule that allows all commands to be run as
"USER". Anyways, I'm now on to trying to figure out how to make the
ipa_sudorule module work with this RunAs user config, since that doesn't seem
to b
On 1/22/2021 10:16 AM, Dominik Vogt via FreeIPA-users wrote:
__
On Fri, Jan 22, 2021 at 03:33:50PM -, Russ Long via FreeIPA-users wrote:
I'm trying to come up with a Sudo rule that will allow a user to
"su" to only a single
Thanks all, I'm trying to do this all in IPA as I have a fleet of boxes this
rule needs to be set up on.
I was able to create the rule in the IPA GUI, but now, trying to create it
using the `ipa_sudorule` Ansible module is giving me fits. I can't figure out
how to add the `Run As User` to the
On Fri, Jan 22, 2021 at 03:33:50PM -, Russ Long via FreeIPA-users wrote:
> I'm trying to come up with a Sudo rule that will allow a user to
> "su" to only a single specified user. I need to give a DBA access
> to the oracle user account.
>
> This serverfault article details exactly what I want
sss_cache -E to invalidate all cache, you can be more refined with other
options.
Regards
Angus
From: Russ Long via FreeIPA-users
Sent: 22 January 2021 16:39
To: freeipa-users@lists.fedorahosted.org
Cc: Russ Long
Subject: [Freeipa-users] Re: Allow "su
I edited sudoers by hand; however, it should give you something to aim towards ...
[root@orable76 ~]# grep angus /etc/sudoers
angus ALL=NOPASSWD: /usr/bin/su - appuser
[root@orable76 ~]# su - angus
Last login: Fri Jan 22 17:01:30 CET 2021 on pts/0
[angus@orable76 ~]$ sudo su - appuser
Last login
And caching is no fun. The second option, to allow all commands to be run as
the specified user works if I wait for the cache to expire.