[sudo-users] sudo-ldap and precedence
Andreas Heinlein
aheinlein at gmx.com
Wed Apr 28 03:28:32 EDT 2010
Am 28.04.2010 00:33, schrieb Mark Janssen:
> On Tue, Apr 27, 2010 at 8:48 AM, Andreas Heinlein <aheinlein at gmx.com> wrote:
>
>> Am 26.04.2010 17:49, schrieb Mark Janssen:
>>
>>> On Mon, Apr 26, 2010 at 4:35 PM, Andreas Heinlein <aheinlein at gmx.com> wrote:
>>>
>>>
>>>> We have
>>>> a) the usual setup ($admin ALL=(ALL) ALL), where admins can execute any
>>>> command, but have to enter their password
>>>> b) some commands that everyone in the users group can execute *without*
>>>> a password. At the moment, this works for "normal" users but not for
>>>> users which are also in the admin group, these stille have to enter
>>>> their passwordv (%users ALL NOPASSWD:/usr/bin/...).
>>>>
> Assuming the users in the %admin group are also included in the %users
> group... you could try explicitly including %admin, or replacing
> %users with ALL (if this is what you want)
>
>
That worked (adding %admin explicitly). No idea why, or if this is
intended/expected behaviour, but I can live with it for the moment.
Thank you!
Andreas
More information about the sudo-users
mailing list