[sudo-users] SudoUsers matching regardless of netgroup

Todd C. Miller Todd.Miller at courtesan.com
Tue Dec 3 15:26:49 MST 2013


On Tue, 03 Dec 2013 22:00:15 +0000, "Choure, Sidd" wrote:

> Wow, would never have come across that easily. Thanks. I think I am
> getting closer. Now, none of the users are getting sudo access and it
> maybe because of the config option you mentioned in sssd.conf. I added
> ldap_include_netgroups = True but that made no difference.

There may be a bug that prevents "sudo -U otheruser -l" from working
with sssd when matching a user netgroup.  You should be able to run
"sudo -l" as that user though.

It's also possible that the netgroup tuple:

    (-, schoure, -)

is not matching due to the '-'.  You might try:

    (,schoure,)

instead.

 - todd


More information about the sudo-users mailing list