[sudo-users] Host negation

Todd C. Miller Todd.Miller at courtesan.com
Tue Sep 13 15:48:45 MDT 2016


On Tue, 13 Sep 2016 17:53:13 -0000, Gunjan Varshney wrote:

> I am looking to create sudo LDAP configuration for a Linux group which is
> applicable on 'certain hosts' but not others. I know
> 
> 1.      CIDR blocks for the certain hosts.

Why not just put the CIDR blocks for the certain hosts in the
sudoRoles you want to match?  E.g. to give user testuser sudo "ALL"
permissions on two class C networks:

dn: cn=role2,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: testuser
cn: role2
sudoUser: testuser
sudoCommand: ALL
sudoHost: 172.16.153.0/24
sudoHost: 172.16.155.0/24

I'm not sure why you'd need to use negation at all.

 - todd
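As an added example (not from this thread or from the sudo project), here is the matching a sudo client effectively performs against the sudoHost values above, in Python: the role applies to a host if any of its addresses falls inside one of the listed networks. The sudoRole text is the entry from the message, embedded as a constructed sample; the function names and the host names/addresses used are assumptions.

```python
import ipaddress

# Constructed sample: the sudoRole entry quoted in the thread, as LDIF text.
ROLE2_LDIF = """\
dn: cn=role2,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: role2
sudoUser: testuser
sudoCommand: ALL
sudoHost: 172.16.153.0/24
sudoHost: 172.16.155.0/24
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}, keeping multi-valued attributes."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def host_value_matches(value, hostname, addrs):
    """Does a single sudoHost value match this host?

    Handles the special value ALL, networks in CIDR or dotted-netmask form,
    bare IP addresses (treated as /32), and otherwise a case-insensitive
    host-name comparison.
    """
    if value == "ALL":
        return True
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        # Not an address or network: compare as a host name.
        return value.lower() == hostname.lower()
    # Mixed IPv4/IPv6 comparisons simply return False here.
    return any(ipaddress.ip_address(a) in net for a in addrs)


def role_applies_to_host(entry, hostname, addrs):
    """True if any sudoHost value of the parsed sudoRole matches this host."""
    return any(host_value_matches(v, hostname, addrs)
               for v in entry.get("sudoHost", []))


if __name__ == "__main__":
    role = parse_ldif_entry(ROLE2_LDIF)
    # Host with a constructed address inside 172.16.153.0/24: role applies.
    print(role_applies_to_host(role, "web01", ["172.16.153.10"]))   # True
    # Host in the neighbouring /24 that is not listed: role does not apply.
    print(role_applies_to_host(role, "web02", ["172.16.154.10"]))   # False
```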
