Aaron, I am just now returning to this, had lots of production issues which took priority. However I just did what you said, added them individually and used a for loop w/ single quotes around the commands EVEN the ones w/ spaces and extra options. It added a lot of them but not always corrects. Sometimes it would miss half of the options, other times it would take the command and think that a '*' was a command. For example:to start tomcat 5 & 7 I have '/etc/init.d/tomcat5 *''/etc/init.d/tomcat7 *'It stripped the end single quote. Thoughts?
On Friday, November 10, 2017 8:33 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I will check this out and get back to you. thank you.
On Friday, November 10, 2017 8:04 AM, Aaron Cole via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
In IPA the Cmnd_Alias is more like the sudo command group.
Basically you have 2 options on how you want to input sudo commands for rules.
1. input each command as a sudo command, and then group the commands into sudo command groups. 2. input directly into the rule, one at a time. Very nasty, and can't be reused.
The better option is #1. This is so you can reuse the command for different command groups.
The only way i have found to input multiple entries at a time, is to have all of the commands in a file, and then do a loop and add them in. You will still have to add them into command groups, and sudo rules. Kind of like this. Make sure you have kerberos credentials too, otherwise it will fail.
example file - /tmp/list - notice the quotes.. very important if there are spaces in the command '/usr/bin/less' '/usr/bin/vim' 'cat /etc/passwd'
example loop: The single quotes will carry over from the file so that the command is added in it's entirety. while read -r line; do ipa sudocmd-add $line; done < /tmp/list
You can make it fancier by adding a second entry in each line and add the description, but got to leave something to the imagination. lol.
Hope that helps Aaron. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org