[sudo-users] Setting defaults for a single LDAP sudo rule

Gonzalez, Aliep aliep.gonzalez at rbc.com
Tue May 15 12:11:34 EDT 2012


Hello list,

I am running sudo 1.7.4p6 on Solaris 10. I am trying to set up an LDAP
sudo rule that has to run with a default option that applies to that
specific rule only. Looking at the documentation and doing some Google
searches, I could only see examples about setting global Default options
in LDAP, but not rule-specific ones. Right now I have been able to make
the rule work by including that default options line in /etc/sudoers as
shown below:

Defaults:uak0uc1   !requiretty

However, I would like to move this entry to LDAP if possible. I have been
trying to add "sudoOption: !requiretty" to the LDAP rule but that does
not seem to work as I expect. What am I doing wrong here?

My "cn=defaults" in LDAP looks as below:

dn: cn=defaults,ou=SUDOers,dc=fg,dc=rbccm,dc=com
sudoOption: logfile=/var/adm/sudo.log
sudoOption: always_set_home
description: Default sudoOption's go here
cn: defaults
objectClass: top
objectClass: sudoRole

The existing sudo rule is as below:

dn: cn=fg_UAK0_dev_uakouc1_sudo,ou=sudoers,dc=fg,dc=rbccm,dc=com
sudoHost: usvcciad1
sudoHost: usvcciad2
sudoHost: usvcciaq1
sudoHost: usvcciaq2
sudoHost: usvcciat1
sudoHost: usvcciat2
sudoCommand: /bin/su - puakadmd -c /app/ucommand/*
sudoCommand: /bin/su - guakadmq -c /app/ucommand/*
sudoCommand: /bin/su - puakadmq -c /app/ucommand/*
sudoCommand: /bin/su - guakadm -c /app/ucommand/*
sudoCommand: /bin/su - puakadmt -c /app/ucommand/*
sudoCommand: /bin/su - guakadmt -c /app/ucommand/*
sudoUser: uak0uc1
sudoRunAs: root
objectClass: top
objectClass: sudoRole
sudoOption: !authenticate
cn: fg_UAK0_dev_uakouc1_sudo


Thanks in advance,
AG
