[sudo-users] ldap sudoRunAs groups

Joe Sokhn joe_sokhn at hotmail.com
Mon Feb 26 22:06:31 EST 2007


Hi,
It seems that sudoRunAs doesn't handle groups or netgroups like sudoUsers.
 
Is there any workaround in order not to declare all the users one by one in sudoRunAs?
 
I need to make a sudoers rule in LDAP that allows all the users in %wheel to do only a kill on processes of all users in %wheel.
 
 
Here is my actual config:
 
bash$ ldaplist -l sudoers
dn: cn=defaults, ou=SUDOers, dc=fr,dc=dmc,dc=com
        sudoRunAs: user1
        sudoRunAs: user2
        sudoRunAs: user3
        sudoCommand: /opt/SUNWspro/bin/dbx
        sudoCommand: /usr/bin/kill
        sudoCommand: /usr/bin/pstack
        sudoCommand: /usr/bin/ls
        sudoUser: %wheel
        sudoOption: ignore_local_sudoers
        sudoHost: ALL
        objectClass: top
        objectClass: sudoRole
        cn: defaults
        description: Default sudoOption's go here

dn: cn=root, ou=sudoers, dc=fr,dc=dmc,dc=com
        sudoUser: root
        objectClass: top
        objectClass: sudoRole
        sudoCommand: (ALL) ALL
        cn: root
        sudoHost: ALL
 
I would like to do it like this:
bash$ ldaplist -l sudoers
dn: cn=defaults, ou=SUDOers, dc=fr,dc=dmc,dc=com
        sudoRunAs: %wheel
        sudoCommand: /opt/SUNWspro/bin/dbx
        sudoCommand: /usr/bin/kill
        sudoCommand: /usr/bin/pstack
        sudoCommand: /usr/bin/ls
        sudoUser: %wheel
        sudoOption: ignore_local_sudoers
        sudoHost: ALL
        objectClass: top
        objectClass: sudoRole
        cn: defaults
        description: Default sudoOption's go here

dn: cn=root, ou=sudoers, dc=fr,dc=dmc,dc=com
        sudoUser: root
        objectClass: top
        objectClass: sudoRole
        sudoCommand: (ALL) ALL
        cn: root
        sudoHost: ALL
 
Thanks for your help
J.