What would the equivalent of Cmnd_Alias DEVS? Is that somewhere in the documentation? I
was also trying to find something to convert my sudoers to what it would be in IPA
commands.
On Thursday, November 2, 2017 4:02 PM, Rob Crittenden via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Andrew Meyer via FreeIPA-users wrote:
In preparation for a migration I am trying to setup sudoers within
freeipa. I have about a dozen people that will need to sudo to another
user and run commands. However I want to add all the commands for that
user into my rule.
would this be best practice to add ALL the commands into 1 rule? or
should I do a sudocmdgroup?
Up to you but that's what the groups were made for: to combine a common
set of commands together to make management easier. Seems to fit well.
ipa sudorule-add-allow-command --sudocmds "/usr/bin/vim"
files-commands
Would I just put a comma after each command? Or should I do this all
individually and add all the commands to a cmd group?
Try: --sudocmds={"/usr/bin/vim","cat /etc/passwd",...}
Bash will expand it.
I'd use a group though so you can make one change and affect any/all rules.
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org