[Freeipa-users] Re: freeipa sudoers help

You don't need to add a "*" to those command as an argument. "/etc/init.d/tomcat5 *" is the same as "/etc/init.d/tomcat5". This allows all command line arguments to be passed. Meaning you do not have to have a wildcard to allow all command line arguments to be processed, because the base

[Freeipa-users] Re: freeipa sudoers help

Aaron, I am just now returning to this, had lots of production issues which took priority.  However I just did what you said, added them individually and used a for loop w/ single quotes around the commands EVEN the ones w/ spaces and extra options.  It added a lot of them but not always

[Freeipa-users] Re: freeipa sudoers help

I will check this out and get back to you.  thank you. On Friday, November 10, 2017 8:04 AM, Aaron Cole via FreeIPA-users wrote: In IPA the Cmnd_Alias is more like the sudo command group. Basically you have 2 options on how you want to input sudo

[Freeipa-users] Re: freeipa sudoers help

In IPA the Cmnd_Alias is more like the sudo command group. Basically you have 2 options on how you want to input sudo commands for rules. 1. input each command as a sudo command, and then group the commands into sudo command groups. 2. input directly into the rule, one at a time. Very nasty,

[Freeipa-users] Re: FreeIPA sudoers

ndrewm...@yahoo.com>, "FreeIPA users list" <freeipa-users@lists.fedorahosted.org>, "FreeIPA users list" <freeipa-users@lists.fedorahosted.org> Cc: "Rob Crittenden" <rcrit...@redhat.com>, "Andrew Meyer" <andrewm...@yahoo.com&g

[Freeipa-users] Re: FreeIPA sudoers

<freeipa-users@lists.fedorahosted.org>, "FreeIPA users list" <freeipa-users@lists.fedorahosted.org> Cc: "Rob Crittenden" <rcrit...@redhat.com>, "Andrew Meyer" <andrewm...@yahoo.com> Sent: Wednesday, November 8, 2017 3:47:42 PM Subject: [Freeip

[Freeipa-users] Re: FreeIPA sudoers

Nm.  I fixed it. On Wednesday, November 8, 2017 2:28 PM, Andrew Meyer via FreeIPA-users wrote: so looking at the logs it find a rule: (Wed Nov  8 14:23:29 2017) [sssd[sudo]] [sudosrv_cached_rules_by_user] (0x0400): Replacing sudoUser attribute

[Freeipa-users] Re: FreeIPA sudoers

so looking at the logs it find a rule: (Wed Nov  8 14:23:29 2017) [sssd[sudo]] [sudosrv_cached_rules_by_user] (0x0400): Replacing sudoUser attribute with sudoUser: #115463(Wed Nov  8 14:23:29 2017) [sssd[sudo]] [sudosrv_query_cache] (0x0200): Searching sysdb with

[Freeipa-users] Re: FreeIPA sudoers

Andrew Meyer via FreeIPA-users wrote: > Hello, i'm having some trouble getting sudoers to work. > > I have 5 machines joined to the FreeIPA domain and I have a user group > called ops and ops_sudoers. Both have permission to full sudo. > > > [andrew.meyer@jira02 ~]$ ipa sudorule-find ALL >

[Freeipa-users] Re: freeipa sudoers help

Andrew Meyer wrote: > What would the equivalent of Cmnd_Alias DEVS? Is that somewhere in the > documentation? I was also trying to find something to convert my > sudoers to what it would be in IPA commands. For Cmnd_Alias I'm not sure if it is supported or documented. IPA just uses the

[Freeipa-users] Re: freeipa sudoers help

What would the equivalent of Cmnd_Alias DEVS?  Is that somewhere in the documentation?  I was also trying to find something to convert my sudoers to what it would be in IPA commands.  On Thursday, November 2, 2017 4:02 PM, Rob Crittenden via FreeIPA-users

[Freeipa-users] Re: freeipa sudoers help

Andrew Meyer via FreeIPA-users wrote: > In preparation for a migration I am trying to setup sudoers within > freeipa. I have about a dozen people that will need to sudo to another > user and run commands. However I want to add all the commands for that > user into my rule. > > would this be