[sudo-users] cannot specify 2 differents sudo command on 2 machines

zorgui zorg zorg724 at gmail.com
Thu Mar 3 10:20:15 MST 2016

I 'am using ldap sudoers (openlap), and i try to specify the architecture:

The user "*acdc_admin*" shall:

-execute command "/usr/bin/systemctl *" on machine * i-vsrv-acd-ingdis-nom*
-execute commands  : /bin/yum  and   /bin/yumdownloader on machine

(file SUDOers.ldif):

dn: cn=*acdc_admin*,ou=SUDOers,ou=services,dc=fe.net
objectClass: top
objectClass: sudoRole
cn: acdc_admin
sudoUser: acdc_admin
*sudoHost: i-vsrv-acd-ingdis-nom*
sudoRunAsUser: ALL
sudoCommand: /usr/bin/systemctl *
*sudoHost: vsrv-bsr-serv1-nom*
sudoCommand: /bin/yum *
sudoCommand: /bin/yumdownloader
sudoOption: !authenticate
sudoOrder: 5

When i test that, i see that:
acdc_admin  can lauch all commands on the first machine (*
i-vsrv-acd-ingdis-nom)!* and cannot use sudo on second machine!
On machine i-vsrv-acd-ingdis-nom:
[acdc_admin at i-vsrv-acd-ingdis-nom ~]$* sudo -l*
 User acdc_admin may run the following commands on this host:
    (ALL) NOPASSWD: /usr/bin/systemctl *, /bin/yum *, /bin/yumdownloader   *
=> the 3 commands where i have only specified /usr/bin/systemctl * for this

Could you help me please?

* How specify for 1 ldapuser, many different sudocommand according to the
machine ?*
Best regards

More information about the sudo-users mailing list