[sudo-users] Host negation

Todd C. Miller Todd.Miller at courtesan.com
Tue Sep 13 15:48:45 MDT 2016

On Tue, 13 Sep 2016 17:53:13 -0000, Gunjan Varshney wrote:

> I am looking to create sudo ldap configuration for a linux group which is
> applicable on 'certain hosts' but not others. I know
> 1. CIDR blocks for the certain hosts.

Why not just put the CIDR blocks for the certain hosts in the
sudoRoles you want to match?  E.g. to give user testuser sudo "ALL"
permissions on two class C networks:

dn: cn=role2,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: testuser
cn: role2
sudoUser: testuser
sudoCommand: ALL

I'm not sure why you'd need to use negation at all.

 - todd
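
An added example, not part of the original message: a Python sketch that reads the sudoHost values of a sudoRole and reports whether a given host address falls inside the listed CIDR blocks, which is a quick way to check coverage before loading the role. The DN, the 192.0.2.0/24 and 198.51.100.0/24 networks and the function names are constructed for illustration; only ALL, single addresses and CIDR values are modelled.

```python
import ipaddress

# Constructed sample: a sudoRole limited to two /24 networks through
# sudoHost. The DN and addresses are placeholders (RFC 5737 ranges).
SAMPLE_LDIF = """\
dn: cn=role2,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: role2
sudoUser: testuser
sudoHost: 192.0.2.0/24
sudoHost: 198.51.100.0/24
sudoCommand: ALL
"""


def sudo_hosts(ldif):
    """Return the sudoHost values of a single LDIF entry."""
    values = []
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "sudohost":
            values.append(value.strip())
    return values


def role_applies(ldif, host_addr):
    """True if host_addr is covered by a sudoHost of ALL, an IP or a CIDR block.

    Simplified model: host names, netgroups and negated entries are skipped.
    """
    addr = ipaddress.ip_address(host_addr)
    for value in sudo_hosts(ldif):
        if value == "ALL":
            return True
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            continue  # not an address or network; outside this sketch
        if addr in net:
            return True
    return False


if __name__ == "__main__":
    # Two hosts inside the listed networks, one outside.
    for host in ("192.0.2.17", "198.51.100.200", "203.0.113.5"):
        print(host, role_applies(SAMPLE_LDIF, host))
```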
