[sudo-users] LDAP Sudoers sudo -l without password

Tony G. tonysk8 at gmx.net
Fri Feb 19 20:01:20 EST 2010


Yes, you can with:

# Entry 1: cn=sudo_l,ou=SUDOers,dc=example,dc=com
dn: cn=sudo_l,ou=SUDOers,dc=example,dc=com
cn: sudo_l
sudoCommand: /usr/bin/sudo -l
sudoHost: ALL
sudoOption: !authenticate
sudoUser: %users
objectClass: sudoRole
objectClass: top

This is the output:

$ sudo -l
User foo may run the following commands on this host:

LDAP Role: sudo_l
  Commands:
    /usr/bin/sudo -l



On Fri, Feb 19, 2010 at 1:51 PM, Jason Hamilton <jhamilton at simulexinc.com> wrote:

> I'm not sure if this is possible, but is there a way to allow a group of
> users to run "sudo -l" without authenticating, but also not permitting
> them to run all commands without authenticating? I tried something like
> this:
>
> dn: cn=viewmyinfo,ou=SUDOers,dc=sample,dc=com
> objectClass: sudoRole
> objectClass: top
> cn: viewmyinfo
> sudoCommand: sudo -l
> sudoHost: ALL
> sudoOption: !authenticate
> sudoRunAs: ALL
> sudoUser: %users
>
> Maybe it's a Friday thing, and I just can't think.



-- 
Tony
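
Added example (not part of the original thread, and not code from the sudo project): a small audit over exported sudoRole LDIF that reports every command granted under "sudoOption: !authenticate" other than the listing command used in the reply above. The sample LDIF is constructed from the two roles in this thread plus a hypothetical cn=ops_nopasswd role; the function names and the allow-list are assumptions. The path check reflects the sudoers.ldap description of sudoCommand as a fully-qualified command name.

```python
# Constructed sample (abridged): the two roles from this thread plus a
# hypothetical over-broad role, cn=ops_nopasswd.
SAMPLE_LDIF = """\
dn: cn=sudo_l,ou=SUDOers,dc=example,dc=com
sudoCommand: /usr/bin/sudo -l
sudoOption: !authenticate

dn: cn=viewmyinfo,ou=SUDOers,dc=sample,dc=com
sudoCommand: sudo -l
sudoOption: !authenticate

dn: cn=ops_nopasswd,ou=SUDOers,dc=example,dc=com
sudoCommand: ALL
sudoOption: !authenticate
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per blank-line-separated LDIF entry."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_nopasswd(entries, allowed=("/usr/bin/sudo -l",)):
    """List (dn, command, reason) for risky commands in !authenticate roles."""
    findings = []
    for e in entries:
        if "!authenticate" not in e.get("sudooption", []):
            continue
        dn = e.get("dn", ["?"])[0]
        for cmd in e.get("sudocommand", []):
            if cmd.startswith("!"):  # negated command: a denial, not a grant
                continue
            if cmd == "ALL":
                reason = "every command without a password"
            elif not cmd.startswith("/"):
                reason = "not a fully-qualified path"
            elif cmd not in allowed:
                reason = "outside the no-password allow-list"
            else:
                continue
            findings.append((dn, cmd, reason))
    return findings
```

On the sample, the sudo_l role passes; the viewmyinfo and ops_nopasswd roles are reported.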


