Hello everyone,

We are facing an issue related to the sudoers LDAP backend.

We have an LDAP group that should be able to vi, tail and less all the files contained inside /var/log/. We are thinking about using wildcards, but it seems that the wildcards that work for the sudoers file do not work when the backend is LDAP. E.g.:

dn: cn=%GroupEX,ou=SUDOers,dc=examples,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: %Sec_Analysts
description: Security Administrators group sudo rules
sudoCommand: /usr/bin/less /var/log/*
sudoCommand: /usr/bin/tail /var/log/*
sudoCommand: /usr/bin/head /var/log/*
sudoCommand: /usr/bin/vi /var/log/*
sudoCommand: /usr/bin/vim /var/log/*
sudoOption: !authenticate
sudoOrder: 115
sudoRunAsUser: root
sudoUser: %GroupEX

This only works when a user who belongs to GroupEX runs the commands as shown:

/usr/bin/less /var/log/*
/usr/bin/tail /var/log/*
...

But it does not work when the command is run as:

/usr/bin/less /var/log/warn
/usr/bin/tail /var/log/warn

Any ideas? Using ACLs and file permissions is not an option here.

Thank you so much.

Regards.

Dario Garcia Díaz-Miguel
GGCS-SES Unit
GGCS SKMF Infrastructure Division
GMV
C\ de Isaac Newton, 11
28760, Tres Cantos, Madrid
Spain
+34 918 07 21 00
+34 918 07 21 99
www.gmv.com
