[sudo-users] sudoCommand and LDAP

Mark mark at mbfk.net
Mon Apr 10 10:02:09 EDT 2006


Hey stebo,

I've set it up like this on HPUX :

First I create a sudoRole.
Then I add all the commands I want to give to the role as a separate
sudoCommand attribute.
Then I either add all the users I want to give the role to as a sudoUser
attribute or I add a unix group as sudoUser attribute which contains all
the users already. Note that the notation of a unixgroup is like this :
sudoUser %unixgroupname.

In the end the entry is going to look something like this :

objectClass top
objectClass sudoRole
cn  name_of_role
description 'your description'
sudoCommand /usr/bin/command1
sudoCommand /usr/bin/command2
sudoCommand /path/to/commands/directory/
sudoHost ALL || name_of_netgroup
sudoUser username1
sudoUser username2
sudoUser %unix_group_name

My groups are also in ldap, but they can also be groups in /etc/group.

Hope this helps...

Greetz,
Mark
-- 

Make install - not war

stebo stebo raved the following in my direction:
> Hi all,
>
> I've setup an environment with Sudo, Ldap and netgroup, works great.
>
> Now, I do not seem to get things running with Ldap groups in Sudo.
> What I really want is something like:
>
> sudocommand = sysAdminCommands (a Ldap-group of commands)
> sudohost = sysAdminHosts (a netgroup)
> sudouser = sysAdminUser (a Ldap-group of users)
>
> Does it matter where in the directory tree these groups are created?
> Has anyone done this before?
>
> Regards
> --Stebo
>
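
Added example, not part of the original post and not sudo's own code: a simplified Python model of how an entry like the one in the reply is matched, showing that `%` selects a Unix group and that a `sudoCommand` ending in `/` covers only files directly in that directory. The function names are hypothetical and the sample role is constructed from the post with `sudoHost` set to `ALL`; netgroups, command arguments and sudoOption are not modelled.

```python
import posixpath

# Constructed sample: the role from the post, with sudoHost set to ALL.
ROLE = {
    "sudoUser": ["username1", "username2", "%unix_group_name"],
    "sudoHost": ["ALL"],
    "sudoCommand": ["/usr/bin/command1", "/usr/bin/command2",
                    "/path/to/commands/directory/"],
}

def user_matches(values, user, groups):
    """sudoUser: a login name, %group for a Unix group, or ALL."""
    for v in values:
        if v == "ALL" or v == user:
            return True
        if v.startswith("%") and v[1:] in groups:
            return True
    return False

def host_matches(values, host):
    """sudoHost: ALL or an exact host name (netgroups not modelled)."""
    return any(v == "ALL" or v == host for v in values)

def command_matches(values, command):
    """sudoCommand: exact path, a directory ending in '/', or ALL."""
    command = posixpath.normpath(command)  # collapse any ../ components
    for v in values:
        if v == "ALL" or v == command:
            return True
        # A trailing slash covers files directly in that directory,
        # not files in its subdirectories.
        if v.endswith("/") and posixpath.dirname(command) == posixpath.normpath(v):
            return True
    return False

def role_allows(role, user, groups, host, command):
    """True only when the user, host and command attributes all match."""
    return (user_matches(role.get("sudoUser", []), user, groups)
            and host_matches(role.get("sudoHost", []), host)
            and command_matches(role.get("sudoCommand", []), command))
```

When auditing a role, note that a directory entry grants every executable placed in that directory later, so write access to it should be as restricted as the role itself.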




