[sudo-users] ability to su to users in AD group
Landry, Stéphane
Stephane.Landry at tbs-sct.gc.ca
Thu May 25 11:58:54 MDT 2017
Hi,
I'm trying to limit the use of su to certain users in an AD group.
For example, I need something similar to the following in the sudoers file
%domaingroup ALL=(ALL) NOPASSWD: /bin/su - username
But instead of the username which works, I need to specify the AD group which has a list of usernames that get updated regularly. In this way I can control which domain users I can su as.
I'm looking for something like
%domaingroup ALL=(ALL) NOPASSWD: /bin/su - %domaingroup2
So that the users in domaingroup can take the identities of only the users in domaingroup2
Thanks
Stephane Landry
More information about the sudo-users
mailing list