Aaron, I am just now returning to this, had lots of production issues which took
priority. However I just did what you said, added them individually and used a for loop
w/ single quotes around the commands EVEN the ones w/ spaces and extra options. It added
a lot of them but not always corrects. Sometimes it would miss half of the options, other
times it would take the command and think that a '*' was a command.
For example:to start tomcat 5 & 7 I have '/etc/init.d/tomcat5
*''/etc/init.d/tomcat7 *'It stripped the end single quote.
Thoughts?
On Friday, November 10, 2017 8:33 AM, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
I will check this out and get back to you. thank you.
On Friday, November 10, 2017 8:04 AM, Aaron Cole via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
In IPA the Cmnd_Alias is more like the sudo command group.
Basically you have 2 options on how you want to input sudo commands for rules.
1. input each command as a sudo command, and then group the commands into sudo command
groups.
2. input directly into the rule, one at a time. Very nasty, and can't be reused.
The better option is #1. This is so you can reuse the command for different command
groups.
The only way i have found to input multiple entries at a time, is to have all of the
commands in a file, and then do a loop and add them in. You will still have to add them
into command groups, and sudo rules. Kind of like this. Make sure you have kerberos
credentials too, otherwise it will fail.
example file - /tmp/list - notice the quotes.. very important if there are spaces in the
command
'/usr/bin/less'
'/usr/bin/vim'
'cat /etc/passwd'
example loop: The single quotes will carry over from the file so that the command is
added in it's entirety.
while read -r line; do ipa sudocmd-add $line; done < /tmp/list
You can make it fancier by adding a second entry in each line and add the description, but
got to leave something to the imagination. lol.
Hope that helps
Aaron.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org