Hello Everyone,
We are facing an issue related to the sudoers LDAP backend.
We have an LDAP group that should be able to vi, tail and less all the files contained inside /var/log/. We are thinking about using wildcards, but it seems that the wildcards that work for the sudoers file do not work when the backend is LDAP.
E.g.

dn: cn=%GroupEX,ou=SUDOers,dc=examples,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: %Sec_Analysts
description: Security Administrators group sudo rules
sudoCommand: /usr/bin/less /var/log/*
sudoCommand: /usr/bin/tail /var/log/*
sudoCommand: /usr/bin/head /var/log/*
sudoCommand: /usr/bin/vi /var/log/*
sudoCommand: /usr/bin/vim /var/log/*
sudoOption: !authenticate
sudoOrder: 115
sudoRunAsUser: root
sudoUser: %GroupEX

This only works when the user that belongs to GroupEX runs the commands as shown:

/usr/bin/less /var/log/*
/usr/bin/tail /var/log/*
...

But this does not work when the command is performed as:

/usr/bin/less /var/log/warn
/usr/bin/tail /var/log/warn

Any ideas?
Using ACLs and file permissions is not an option here.
Thank you so much. Regards.
Dario Garcia Díaz-Miguel GGCS-SES Unit GGCS SKMF Infrastructure Division
GMV C\ de Isaac Newton, 11 28760, Tres Cantos, Madrid España +34 918 07 21 00 +34 918 07 21 99 www.gmv.com
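As an added example (not part of the original post and not sudo's own code), the Python sketch below audits which command lines the sudoCommand patterns from the post admit under the wildcard semantics the sudoers manual documents for command arguments. It assumes the LDAP backend applies the same matching as the sudoers file, uses Python's fnmatch as a stand-in for sudo's matcher, and the probe command lines other than the first are constructed.

```python
import fnmatch
import shlex

# sudoRole from the post, reduced to the attributes this check reads.
LDIF = """\
dn: cn=%GroupEX,ou=SUDOers,dc=examples,dc=example,dc=com
objectClass: sudoRole
sudoCommand: /usr/bin/less /var/log/*
sudoCommand: /usr/bin/tail /var/log/*
sudoUser: %GroupEX
"""

# Probe command lines; only the first comes from the post, the rest are constructed.
PROBES = [
    "/usr/bin/less /var/log/warn",
    "/usr/bin/less /var/log/apache2/error.log",
    "/usr/bin/less /var/log/warn /etc/hostname",
    "/usr/bin/less /etc/hostname",
    "/usr/bin/cat /var/log/warn",
]

def sudo_commands(ldif):
    """Return (path, args_pattern) for every sudoCommand attribute."""
    rules = []
    for line in ldif.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "sudocommand":
            path, _, args = value.strip().partition(" ")
            rules.append((path, args.strip()))
    return rules

def rule_allows(rules, command_line):
    """Approximate sudoers matching for fully qualified, wildcard-free paths.

    The sudoers manual states that command-line arguments are matched as one
    concatenated string, so '*' also matches '/' and spaces between words.
    """
    argv = shlex.split(command_line)
    path, args = argv[0], " ".join(argv[1:])
    for rule_path, pattern in rules:
        if rule_path != path:
            continue
        # A rule without arguments permits any arguments.
        if pattern == "" or fnmatch.fnmatchcase(args, pattern):
            return True
    return False

def audit(ldif, probes):
    """Map each probe command line to True (allowed) or False (denied)."""
    rules = sudo_commands(ldif)
    return {probe: rule_allows(rules, probe) for probe in probes}

if __name__ == "__main__":
    for cmd, ok in audit(LDIF, PROBES).items():
        print(("ALLOW" if ok else "DENY ") + "  " + cmd)
```
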