[sudo-users] sudo-ldap and precedence

Andreas Heinlein aheinlein at gmx.com
Wed Apr 28 03:28:32 EDT 2010

Am 28.04.2010 00:33, schrieb Mark Janssen:
> On Tue, Apr 27, 2010 at 8:48 AM, Andreas Heinlein <aheinlein at gmx.com> wrote:
>> Am 26.04.2010 17:49, schrieb Mark Janssen:
>>> On Mon, Apr 26, 2010 at 4:35 PM, Andreas Heinlein <aheinlein at gmx.com> wrote:
>>>> We have
>>>> a) the usual setup ($admin ALL=(ALL) ALL), where admins can execute any
>>>> command, but have to enter their password
>>>> b) some commands that everyone in the users group can execute *without*
>>>> a password. At the moment, this works for "normal" users but not for
>>>> users which are also in the admin group, these stille have to enter
>>>> their passwordv (%users ALL NOPASSWD:/usr/bin/...).
> Assuming the users in the %admin group are also included in the %users
> group... you could try explicitly including %admin, or replacing
> %users with ALL (if this is what you want)
That worked (adding %admin explicitly). No idea why, or if this is
intended/expected behaviour, but I can live with it for the moment.

Thank you!


More information about the sudo-users mailing list