[sudo-users] sudo-ldap and precedence
Andreas Heinlein
aheinlein at gmx.com
Mon Apr 26 10:35:19 EDT 2010
Hello,
I have a problem configuring sudo-ldap under Ubuntu 9.10/10.04.
We have
a) the usual setup ($admin ALL=(ALL) ALL), where admins can execute any
command, but have to enter their password
b) some commands that everyone in the users group can execute *without*
a password. At the moment, this works for "normal" users but not for
users who are also in the admin group; these still have to enter
their password (%users ALL NOPASSWD:/usr/bin/...).
As I understand, order of entries should not matter since there is no
guarantee that LDAP entries are returned in any particular order. But in
this case it seems to matter because the first entry for the admin group
seems to be the effective one, instead of the second one (the closer
match). Is this intended behaviour? Is there any way to change this?
Thanks,
Andreas