On Jan 18, 2012, at 1:24 PM, Erinn Looney-Triggs wrote: On 01/18/2012 11:50 AM, JR Aquino wrote: On Jan 18, 2012, at 11:47 AM, Erinn Looney-Triggs wrote:
I can't really figure out what the proper syntax is for the sudo rules in IPA. I have a number of options that I would like included by default, I have put them in place, from ipa sudorule-show: Sudo Option: env_keep = "LESSSECURE", env_reset, mail_badpass, mail_no_host, mail_no_perms, syslog = local2 It looks to be getting confused by the whitespace. Remove the whitespace for env_keep = "LESSSECURE" & syslog = local2 to: env_keep="LESSSECURE" syslog=local2 Let me know if that helps. Also, can you post a compare against: ipa sudorule-show defaults vs <a host you want to run sudo on> $ sudo -l This doesn't appear to work, when sudo is run: sudo: unknown defaults entry `env_keep ' sudo: unknown defaults entry `mail_badpass, mail_no_host, mail_no_perms, syslog ' One thing that jumps out at me is that the '= whatever' portion is not being maintained. The directions in the IDM guide are less than clear, simply referencing the sudoers page for options. These are all valid sudo options, this is basically a straight port over from a sudoers file. So anyone have any experience doing this bit? -Erinn _______________________________________________ Freeipa-users mailing list [email protected]<mailto:[email protected]> https://www.redhat.com/mailman/listinfo/freeipa-users It looks like this was actually ttwo problems, one the quoting, and the second that via the web ui, I had put multiple options on a single line separated by a comma, so initially one rule was: mail_badpass, mail_no_host, mail_no_perms, syslog = local2 After fixing the spacing issue, as well as putting each into it's own statement everything worked just fine. There should probably either be better documentation, or better validation of input for those options, or ideally both :). I reckon I will open a bug up. Thanks! I agree with you. Might even help to do some level of input validation as well. Thanks again! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Jr Aquino, GCIH, GWAPT | Sr. Information Security Specialist Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 T: +1 805.690.3478 [email protected]<mailto:[email protected]> http://www.citrixonline.com [cid:[email protected]] Access Your PC or Mac From Anywhere: www.gotomypc.com Online Meetings Made Easy: www.gotomeeting.com Web Events Made Easy: www.gotowebinar.com Remote Support Made Easy: www.gotoassist.com Thanks for the help, -Erinn
<<inline: image001.jpg>>
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
