Re: sudo group with a space

Just an update, the sudo rules using groups worked in SSSD but not pam ldap. 

On May 22, 2013, at 10:15 PM, Dan Lavu <dan@xxxxxxxx> wrote:

John,

Thanks for all the info. I'm running a very similar setup but I'm still using the legacy sudo-ldap.conf for my sudo info, I'll install sudo-sss and give that a whirl. 

Dan

On May 22, 2013, at 8:09 PM, Jonathan Vaughn <jonathan@xxxxxxxxxxxxx> wrote:

We're using sssd for Kerberos logins with LDAP user account details, and it's caching sudo LDAP for us too. I'm not sure offhand if it'll work with nested groups if you use them - we haven't used nested groups on any of the groups we've used with sudo (due to other various programs failing to support either recursing through groups or using the memberof attribute on the user).

For that example I gave before, the other sudo values are:
sudocommand: ALL
sudohost: ALL

On other sudoroles we have specific commands and hosts too. We're not using any other sudo attributes on our sudoroles at the moment (we actually need to update the schema for the version of sudo we're running, since it expects sudorunasuser and sudorunasgroup rather than sudorunas, for example).

On Wed, May 22, 2013 at 7:54 PM, Dan Lavu <dan@xxxxxxxx> wrote:
John,

That's the last thing I wanted to hear. What attributes do you have, sudouser, sudooptions, sudorun? Also, are you using sssd or pam ldap?

Dan


On May 22, 2013, at 7:52 PM, Jonathan Vaughn <jonathan@xxxxxxxxxxxxx> wrote:

Works for us fine without any fancy treatment:
sudouser: %Global System Administrators

Using sudo 1.8.something on CentOS.

On Wed, May 22, 2013 at 7:36 PM, Dan Lavu <dan@xxxxxxxx> wrote:
Has anybody successfully created a sudoers group in 389 that contains a space? Whatever way I try to escape the space in my sudouser attribute it just doesn't like it. I'm able to escape the space in /etc/sudoers by using \ .

So..

sudouser: %domain\ admins
sudouser: %domain admins
sudouser: \%domain\ admins
sudouser: "%domain admins"
sudouser: '%domain admins'

have not worked, thanks in advance.

Dan
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
