[sudo-users] SudoUsers matching regardless of netgroup

Choure, Sidd schoure at apartments.com
Tue Dec 3 15:32:45 MST 2013


Thank you very much!!! That was it. The tuple had to be changed to
(,schoure,). And yes, I think there is a bug that if I run sudo -U schoure
-l, I get "User schoure is not allowed to run sudo on localhost." but when
I run sudo -l, I get proper sudo output. Do I file a bugzilla for this
with sudoers people or RedHat?


Thanks!!
Siddharth Choure
Senior Systems Engineer

On 12/3/13, 4:26 PM, "Todd C. Miller" <Todd.Miller at courtesan.com> wrote:

>On Tue, 03 Dec 2013 22:00:15 +0000, "Choure, Sidd" wrote:
>
>> Wow, would never have come across that easily. Thanks. I think I am
>> getting closer. Now, none of the users are getting sudo access and it
>> maybe because of the config option you mentioned in sssd.conf. I added
>> ldap_include_netgroups = True but that made no difference.
>
>There may be a bug that prevents "sudo -U otheruser -l" from working
>with sssd when matching a user netgroup.  You should be able to run
>"sudo -l" as that user though.
>
>It's also possible that the netgroup tuple:
>
>    (-, schoure, -)
>
>is not matching due to the '-'.  You might try:
>
>    (,schoure,)
>
>instead.
>
> - todd
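
Added example, not part of the original thread and not sudo or sssd code: a small Python model of netgroup triple matching that shows one way a '-' field can keep `(-, schoure, -)` from matching while `(,schoure,)` matches. It assumes the usual NIS/glibc convention (an empty field is a wildcard, any other value must compare equal) and a hypothetical lookup that passes the host name `localhost` along with the user; all function names are illustrative.

```python
# Model of netgroup triple matching (added example; names are illustrative).
# Assumed semantics, following the usual NIS/glibc convention:
#   - an empty field in a triple is a wildcard
#   - any other value, including "-", must equal the queried value exactly
#   - a query value of None means "do not test this field"
import re

TRIPLE_RE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_triples(text):
    """Return [(host, user, domain)] with surrounding whitespace stripped."""
    return [tuple(f.strip() for f in m.groups()) for m in TRIPLE_RE.finditer(text)]

def field_matches(entry, query):
    """One field of a triple against one queried value."""
    return query is None or entry == "" or entry == query

def innetgr_model(triples, host=None, user=None, domain=None):
    """True if any triple matches every queried field."""
    query = (host, user, domain)
    return any(all(field_matches(e, q) for e, q in zip(t, query)) for t in triples)

def explain(triples, host, user, domain):
    """For each triple, list the fields that block a match for this query."""
    names = ("host", "user", "domain")
    query = (host, user, domain)
    report = []
    for t in triples:
        blocked = [n for n, e, q in zip(names, t, query) if not field_matches(e, q)]
        report.append((t, blocked))
    return report

# Constructed sample data: the two tuple forms quoted in the thread.
DASH_FORM = parse_triples("(-, schoure, -)")
EMPTY_FORM = parse_triples("(,schoure,)")
# Hypothetical query: the caller supplies a host name along with the user.
QUERY = dict(host="localhost", user="schoure", domain=None)

if __name__ == "__main__":
    for label, triples in (("dash", DASH_FORM), ("empty", EMPTY_FORM)):
        print(label, innetgr_model(triples, **QUERY), explain(triples, **QUERY))
```
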
