[sudo-users] Setting defaults for a single LDAP sudo rule

Gonzalez, Aliep aliep.gonzalez at rbc.com
Wed May 23 15:47:38 EDT 2012

Excellent, turns out that it was actually accepting the "sudoOption":

usvcciaq1:/users/qsfshmx sudo -ll -U uak0uc1
Matching Defaults entries for uak0uc1 on this host:
    logfile=/var/adm/sudo.log, always_set_home

User uak0uc1 may run the following commands on this host:

LDAP Role: fg_UAK0_dev_uakouc1_sudo
    RunAsUsers: root
    Options: !authenticate, !requiretty, visiblepw
        /bin/su - puakadmd -c /app/ucommand/*
        /bin/su - guakadmq -c /app/ucommand/*
        /bin/su - puakadmq -c /app/ucommand/*
        /bin/su - guakadm -c /app/ucommand/*
        /bin/su - puakadmt -c /app/ucommand/*
        /bin/su - guakadmt -c /app/ucommand/*

LDAP Role: fg_UAK0_qa_uakouc1_sudo
    RunAsUsers: puakadmq
    Options: !authenticate
        /usr/bin/ksh -c /app/origenate/or_qa87/admin/startall.sh
        /usr/bin/ksh /app/origenate/or_qa87/config/usrconfig.sh

Thanks again for your help Todd; really appreciated!

-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com] 
Sent: 2012, May, 15 2:54 PM
To: Gonzalez, Aliep
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Setting defaults for a single LDAP sudo rule

On Tue, 15 May 2012 14:40:43 EDT, "Gonzalez, Aliep" wrote:

> Anyways the full output of "sudo -l" for user "uak0uc1" is shown
> Any help is greatly appreciated; thanks in advance.
> usvcciaq1:/users/qsfshmx sudo -l -U uak0uc1

You won't see per-command options in the short list format; try running:

sudo -ll -U uak0uc1

 - todd
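
An added example, not part of the original thread: a small Python parser for the `sudo -ll` long-list layout quoted above, which extracts each LDAP role's per-rule options (where sudoOption values such as !authenticate show up) and lists the roles that carry them. The sample input, role names, paths and the REVIEW set are constructed assumptions.

```python
import re

# Constructed sample in the layout of the `sudo -ll` output quoted in the
# thread; the user, role names and paths are placeholders.
SAMPLE = """\
Matching Defaults entries for alice on this host:
    logfile=/var/adm/sudo.log, always_set_home

User alice may run the following commands on this host:

LDAP Role: example_dev_sudo
    RunAsUsers: root
    Options: !authenticate, !requiretty, visiblepw
        /bin/su - appadm -c /app/tools/*

LDAP Role: example_qa_sudo
    RunAsUsers: appqa
        /usr/bin/ksh /app/qa/config.sh
"""

# Options a reviewer may want surfaced (assumed policy for this example).
REVIEW = {"!authenticate", "visiblepw"}
FIELD = re.compile(r"^(\w+):\s*(.*)$")  # e.g. "RunAsUsers: root"

def parse_roles(text):
    """Return one dict per 'LDAP Role:' block with its fields and commands."""
    roles, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("LDAP Role:"):
            cur = {"name": s.split(":", 1)[1].strip(),
                   "RunAsUsers": [], "Options": [], "commands": []}
            roles.append(cur)
        elif cur is None or not s:
            continue  # Defaults header, user banner, blank lines
        elif (m := FIELD.match(s)):
            cur[m.group(1)] = [v.strip() for v in m.group(2).split(",") if v.strip()]
        else:
            cur["commands"].append(s)  # anything else in a role is a command
    return roles

def findings(text):
    """List (role, option, run-as users) for each REVIEW option set on a role."""
    return [(r["name"], o, r["RunAsUsers"])
            for r in parse_roles(text) for o in r["Options"] if o in REVIEW]

if __name__ == "__main__":
    for role, opt, runas in findings(SAMPLE):
        print(f"{role}: {opt} (runs as {', '.join(runas) or 'default'})")
```

A role with no Options line, like the second one in the sample, yields an empty option list rather than inheriting the previous role's options.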
