[sudo-users] sudoCommand and LDAP

Mark mark at mbfk.net
Mon Apr 10 10:02:09 EDT 2006

Hey stebo,

I've set it up like this on HPUX :

First I create a sudoRole.
Then I add all the commands I want to give to the role as a seperate
sudoCommand attribute.
Then I either add all the users I want to give the role to as a sudoUser
attribute or I add a unix group as sudoUser attribute which contains all
the users already. Note that the notation of a unixgroup is like this :
sudoUser %unixgroupname.

In the end the entry is going to look something like this :

objectClass top
objectClass sudoRole
cn  name_of_role
description 'your description'
sudoCommand /usr/bin/command1
sudoCommand /usr/bin/command2
sudoCommand /path/to/commands/directory/
sudoHost ALL || name_of_netgroup
sudoUser username1
sudoUser username2
sudoUser %unix_group_name

My groups are also in ldap, but they can also be groups in /etc/group.

Hope this helps...


Make install - not war

stebo stebo raaskalde het volgende mijn kant op :
> Hi all,
> I've setup an environment with Sudo, Ldap and netgroup, works great.
> Now, I do not seem to get things running with Ldap groups in Sudo.
> What I really want is somthing like:
> sudocommand = sysAdminCommands (a Ldap-group of commands)
> sudohost = sysAdminHosts (a netgroup)
> sudouser = sysAdminUser (a Ldap-group of users)
>  Does it matter where in the directory tree these groups are created.
> Have anyone done this before?
> Regards
> --Stebo
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list