[sudo-users] Host negation

Gunjan Varshney Gunjan.Varshney at VERIFONE.com
Tue Sep 13 16:47:41 MDT 2016


Thanks for the response. 

This is because, as written (but I guess wrongly) in earlier communication, I do not know the IP addresses for those 'certain hosts'.

So.

A role 'superadmins' (an example role I created in sudoers) should be applicable to certain hosts but not others. I know the CIDR of the 'other hosts', but on these hosts I do not want super admins.

Does this clarify things?

-gunjan 

-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com] 
Sent: Tuesday, September 13, 2016 2:49 PM
To: Gunjan Varshney <Gunjan.Varshney at VERIFONE.com>
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Host negation

On Tue, 13 Sep 2016 17:53:13 -0000, Gunjan Varshney wrote:

> I am looking to create sudo ldap configuration for a linux group which
> is applicable on 'certain hosts' but not others. I know
>
> 1. CIDR blocks for the certain hosts.

Why not just put the CIDR blocks for the certain hosts in the sudoRoles you want to match? E.g. to give user testuser sudo "ALL" permissions on two class C networks:

dn: cn=role2,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: testuser
cn: role2
sudoUser: testuser
sudoCommand: ALL
sudoHost: 172.16.153.0/24
sudoHost: 172.16.155.0/24

I'm not sure why you'd need to use negation at all.

 - todd
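The following is an added illustration, not code from either poster or from the sudo project: it models how a sudoRole's sudoHost values decide whether the role applies to a given host, so the two approaches in this thread (Todd's positive CIDR allowlist, and a deny-by-exclusion role using sudoHost: ALL plus a negated "!CIDR" value) can be checked against an inventory before the LDIF is pushed. The matching rules are assumptions made for this example: only "ALL", IP addresses and CIDR networks are handled (sudo also matches host names and netgroups, which are skipped here), and a negated value that matches excludes the host regardless of the order in which LDAP returns the attribute values.

```python
from ipaddress import ip_address, ip_network

# Constructed sample roles. role2 is the allowlist form from the thread;
# role_excl is the "everywhere except these networks" form being asked about.
ROLE2_SUDOHOST = ["172.16.153.0/24", "172.16.155.0/24"]
ROLE_EXCL_SUDOHOST = ["ALL", "!10.20.0.0/16"]          # hypothetical excluded CIDR

# Constructed inventory of hosts (name -> IP); not from the original thread.
INVENTORY = {
    "web1": "172.16.153.7",
    "web2": "172.16.154.7",
    "db1": "10.20.1.1",
    "ops1": "192.0.2.5",
}


def split_negation(value):
    """Return (negated, bare_value) for one sudoHost attribute value."""
    if value.startswith("!"):
        return True, value[1:]
    return False, value


def value_matches(bare_value, host_ip):
    """True if a single (un-negated) sudoHost value covers host_ip.

    Assumption for this example: only ALL, single IPs and CIDR blocks are
    understood; host names and +netgroups return False rather than guessing.
    """
    if bare_value == "ALL":
        return True
    try:
        network = ip_network(bare_value, strict=False)
    except ValueError:
        return False
    return ip_address(host_ip) in network


def role_applies(sudo_hosts, host_ip):
    """Decide whether a sudoRole with these sudoHost values applies to host_ip.

    Rule assumed here: any matching negated value excludes the host, and a
    host is included only if at least one positive value matches. The check
    is order-independent because LDAP returns attribute values unordered.
    """
    included = False
    for raw in sudo_hosts:
        negated, bare = split_negation(raw)
        if not value_matches(bare, host_ip):
            continue
        if negated:
            return False
        included = True
    return included


def hosts_covered(sudo_hosts, inventory):
    """Names of inventory hosts on which the role would apply, sorted."""
    return sorted(name for name, ip in inventory.items()
                  if role_applies(sudo_hosts, ip))


if __name__ == "__main__":
    for label, hosts in (("role2", ROLE2_SUDOHOST), ("role_excl", ROLE_EXCL_SUDOHOST)):
        print(f"{label}: {hosts_covered(hosts, INVENTORY)}")
```

Running the block shows the practical difference: role2 reaches only the two listed networks, while the exclusion role reaches every host that is not inside 10.20.0.0/16, including anything later added to the inventory. A role consisting only of negated values grants nothing, since no positive value matches. That is why the allowlist form Todd suggests is the safer default: an exclusion list must be complete and kept complete, whereas an allowlist fails closed.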
