Hi,
Did you add this user to sudo rule/users?
On 18-09-2014 08:02, Sanju A wrote:
Dear All,
I have tried with the settings as mentioned here. But still the issue
persists.
Regards
Sanju Abraham
IS - Network/System Administrator
Tata Consultancy Services
TCS Centre SEZ Unit,
Infopark PO,
Kochi - 682042,Kerala
India
Ph:- +91 484 6187490
Mailto: [email protected]
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________
From: Tevfik Ceydeliler <[email protected]>
To: <[email protected]>
Date: 17-09-2014 19:46
Subject: Re: [Freeipa-users] sudo setup in Ubuntu
Sent by: [email protected]
------------------------------------------------------------------------
Thanks to Lukas:
Step 0: Install freeipa-client on Ubuntu 14.04 and configure sudo
integration
root@ubuntu1404:/# ipa-client-install --no-ntp
root@ubuntu1404:/# echo "sudoers: files sss" >> /etc/nsswitch.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam
root@ubuntu1404:/# sed -i -e 's/\(services.*\)/\1, sudo/' /etc/sssd/sssd.conf
root@ubuntu1404:/# grep services /etc/sssd/sssd.conf
services = nss, pam, sudo
Step 1: configure sudo rules for ordinary user
Please follow the instructions from FreeIPA documentation.
http://www.freeipa.org/docs/master/html-desktop/index.html#sudo
This step was skipped, because it was already done a few months ago
Step 2: login to machine as ordinary user, which is allowed to use sudo.
$ su usersssd01
Password:
$ id
uid=325600011(usersssd01) gid=325600011(usersssd01) groups=325600011(usersssd01),30011(biggroup1)
Step 3: run command
sudo -l
// this command should show you which commands can be executed as root
// with sudo
$ sudo -l
sudo: unable to resolve host ubuntu1404.example.test
[sudo] password for usersssd01:
Matching Defaults entries for usersssd01 on ubuntu1404:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User usersssd01 may run the following commands on ubuntu1404:
(root) /usr/bin/less, /usr/bin/vim
Step 4: If there weren't any problems then the user will be able to run
the command.
sudo some_command_listed_in_step3
$ sudo /usr/bin/less /etc/shadow | wc -l
21
$ echo $?
0
$ sudo apt-get install mc
Sorry, user usersssd01 is not allowed to execute '/usr/bin/apt-get install mc' as root on ubuntu.example.test.
$ echo $?
1
On 17-09-2014 16:54, Sanju A wrote:
Dear All,
I am able to configure the sudo settings in CentOS clients by
adding/modifying the entries in /etc/nsswitch.conf and
/etc/sudo-ldap.conf. What are the exact steps for the configuration in
Ubuntu, as I am not able to find the configuration file sudo-ldap.conf in
Ubuntu?
Regards
Sanju Abraham
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
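The two file edits from Step 0 in the thread above, as an added example that is not part of the original messages: the `echo >>` and `sed` lines there add another entry each time they are re-run, so this version checks first and also verifies the result. The function names and the sample file contents are hypothetical and constructed for the demo; `sed -i` assumes GNU sed, as on Ubuntu.

```shell
#!/bin/sh
# Added example: Step 0's two file edits made idempotent, plus a check.
# Paths are arguments so the functions can be run on copies of the files first.

NSS_HAS_SSS='^sudoers:(.*[[:space:]])?sss([[:space:]]|$)'
SVC_HAS_SUDO='^[[:space:]]*services[[:space:]]*=(.*[,[:space:]])?sudo[[:space:]]*(,|$)'

# nsswitch.conf: make sure the sudoers database consults sss.
ensure_sudoers_sss() {
    if grep -Eq "$NSS_HAS_SSS" "$1"; then
        return 0                                   # nothing to do
    elif grep -q '^sudoers:' "$1"; then
        sed -i -e 's/^sudoers:.*/& sss/' "$1"      # extend the existing line
    else
        echo 'sudoers: files sss' >> "$1"          # the line Step 0 appends
    fi
}

# sssd.conf: make sure the services key lists sudo. The match is anchored
# to the key, so other lines that merely contain "services" are untouched.
ensure_sssd_sudo() {
    if grep -Eq "$SVC_HAS_SUDO" "$1"; then
        return 0
    fi
    sed -i -e '/^[[:space:]]*services[[:space:]]*=/ s/[[:space:]]*$/, sudo/' "$1"
}

# Returns 0 only when both files carry the sudo integration settings.
check_sudo_integration() {
    grep -Eq "$NSS_HAS_SSS" "$1" && grep -Eq "$SVC_HAS_SUDO" "$2"
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    dir=$(mktemp -d)
    printf 'passwd: compat sss\ngroup: compat sss\n' > "$dir/nsswitch.conf"
    printf '[sssd]\nservices = nss, pam\ndomains = example.test\n' > "$dir/sssd.conf"
    for pass in 1 2; do                            # second pass must change nothing
        ensure_sudoers_sss "$dir/nsswitch.conf"
        ensure_sssd_sudo "$dir/sssd.conf"
    done
    check_sudo_integration "$dir/nsswitch.conf" "$dir/sssd.conf" &&
        echo "sudo integration configured"
    grep '^services' "$dir/sssd.conf"
    rm -rf "$dir"
}
demo
```

On a real client the paths are /etc/nsswitch.conf and /etc/sssd/sssd.conf, and sssd has to be restarted after sssd.conf changes so that the sudo responder is started.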