UNCLASSIFIED - RE: [Fedora-directory-users] FDS Sudo Management

Ivan Ferreira iferreir at personal.com.py
Wed Feb 13 20:50:45 UTC 2008


I use LDAP with SUDO on FDS. What is the error you get when you try to
create the entry?

Have you restarted your FDS after adding the schema file? Have you modified
the schema file to match the FDS requirements?

Here is my schema file:

98sudo.ldif

# Continuation lines begin with a space (LDIF line folding).
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'
  DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost'
  DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand'
  DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs'
  DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption'
  DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
  DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $
  sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )

Also, I use ldapadmin.exe with the sudo plugin to manage the entries. It is
recommended.

Sample entry:

# solarisbin, sudoers, sis.personal.net.py
dn: cn=solarisbin,ou=sudoers,dc=xx,dc=xx,dc=xx,dc=xx
sudoCommand: /usr/bin/ls
sudoCommand: /usr/bin/cp
sudoCommand: /usr/bin/mkdir
sudoCommand: /usr/bin/chmod
sudoCommand: /usr/bin/chown
sudoCommand: /usr/bin/gzip
sudoCommand: /usr/bin/kill
sudoCommand: /usr/bin/mv
objectClass: top
objectClass: sudoRole
cn: solarisbin
sudoHost: ALL
sudoUser: user1
sudoUser: user2
sudoUser: user3
sudoUser: user4
sudoUser: user5
sudoUser: user6
sudoUser: user7
sudoRunAs: root




                                                                           
                                                                           
                                                                           
"HAWKER, Dan 2 (external)" <Dan.HAWKER at uk4.astrium.eads.net>
Sent by: fedora-directory-users-bounces at redhat.com
11/02/2008 12:59 p.m.
Please respond to: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>

To: "Jared B. Griffith" <jared.griffith at farheap.com>, "General discussion list for the Fedora Directory server project." <fedora-directory-users at redhat.com>
cc:
Subject: UNCLASSIFIED - RE: [Fedora-directory-users] FDS Sudo Management
Classification: Internal Use

Has anyone managed sudoers via FDS here?  I have been trying to create
LDAP entries as mentioned here:
http://www.gratisoft.us/sudo/readme_ldap.html
Which FDS will not allow me to do, even though the schemas for SUDO are
in the server.
Is there a walkthrough, or is there anyone that is managing SUDO via FDS
here successfully?

--

Hi Jared,

Am using FDS and SUDO quite successfully here. Was a bit odd to set up
(mostly due to some older clients we have here, and the effort in
consolidating the sudoers files to LDAP), but was well worth the effort.

Have just uploaded my notes about it to my external note wiki. Bit rough
around the edges, but I think it's mostly there so may be of help to get
you started. (http://danwiki.wessexmc.org.uk/wiki/index.php/SUDOFDS)

HTH

Dan

--

Dan Hawker
Linux System Administrator
Astrium
http://www.astrium.eads.net
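
Added example (not part of the original thread, and not code from sudo or the FDS project): a Python check that reads the sudoRole objectClass from the schema posted above and lists the reasons a server enforcing it would refuse an entry. The function names, the dc=example,dc=com suffix and both sample entries are constructed for illustration; sudoRunAsUser is an attribute from later sudo schemas that the schema file above does not define.

```python
import re

# sudoRole definition from the 98sudo.ldif above; continuation lines start with a space.
SCHEMA_LDIF = """\
dn: cn=schema
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
  DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $
  sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
"""

def unfold(ldif):
    """Join folded LDIF lines (newline + one space); drop blank lines and comments."""
    return [l for l in re.sub(r"\n ", "", ldif).splitlines() if l and not l.startswith("#")]

def parse_object_class(ldif, name):
    """Return the (MUST, MAY) attribute-name sets, lower-cased, of objectClass `name`."""
    for line in unfold(ldif):
        if line.startswith("objectClasses:") and f"NAME '{name}'" in line:
            found = dict(re.findall(r"\b(MUST|MAY) \(([^)]*)\)", line))
            names = lambda k: set(re.findall(r"[\w-]+", found.get(k, "").lower()))
            return names("MUST"), names("MAY")
    raise KeyError(name)

def check_entry(entry_ldif, schema_ldif=SCHEMA_LDIF):
    """List the reasons a server enforcing the schema would reject this entry."""
    must, may = parse_object_class(schema_ldif, "sudoRole")
    allowed = must | may | {"dn", "objectclass"}
    pairs = [(a.lower(), v) for a, _, v in (l.partition(":") for l in unfold(entry_ldif))]
    problems = [f"attribute not allowed by sudoRole: {a}" for a, _ in pairs if a not in allowed]
    # Every sudo* attribute in this schema has IA5 String syntax, so values must be ASCII.
    problems += [f"non-ASCII value in {a}" for a, v in pairs
                 if a.startswith("sudo") and a in allowed and not v.isascii()]
    missing = must - {a for a, _ in pairs}
    return problems + [f"missing required attribute: {a}" for a in sorted(missing)]

# Constructed sample entries (dc=example,dc=com is a placeholder suffix).
GOOD = """\
dn: cn=solarisbin,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
cn: solarisbin
sudoUser: user1
sudoCommand: /usr/bin/ls
sudoRunAs: root
"""
BAD = """\
dn: cn=backup,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
sudoRunAsUser: root
"""
```

check_entry(GOOD) returns an empty list; check_entry(BAD) reports the undefined sudoRunAsUser attribute and the missing cn.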
