[sudo-users] Host negation

Gunjan Varshney Gunjan.Varshney at VERIFONE.com
Tue Sep 13 16:47:41 MDT 2016

Thanks for the response. 

This is because as written (but I guess wrongly) in earlier communication I do not know the IP addresses for those 'certain hosts'


A role superadmins (example, I created this role in sudoers) should be applicable to certain hosts but not others. I know CIDR of 'other hosts' but on these hosts I do not want super admins.

Does this clarify things.


-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com] 
Sent: Tuesday, September 13, 2016 2:49 PM
To: Gunjan Varshney <Gunjan.Varshney at VERIFONE.com>
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Host negation

On Tue, 13 Sep 2016 17:53:13 -0000, Gunjan Varshney wrote:

> I am looking to create sudo ldap configuration for a linux group which 
> is app licable on 'certain hosts' but not others. I know
> 1.      CIDR blocks for the certain hosts.

Why not just put the CIDR blocks for the certain hosts in the sudoRoles you want to match?  E.g. to give user testuser sudo "ALL"
permissions on two class C networks:

dn: cn=role2,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: testuser
cn: role2
sudoUser: testuser
sudoCommand: ALL

I'm not sure why you'd need to use negation at all.

 - todd

More information about the sudo-users mailing list