I have configured SUDO with OpenLDAP. I have created a group called
"sysadm" and assign the below commands which the users belong to this group
can execute. Now created a user called "bob" and assign him to this group.
When am logging in as bob, and run
"sudo -l", its asking me for the password and after i put the correct
password its showing me the "sudoCommand" list. But it also executes the
command "!/sbin/route" too which he should not able to execute, why its
happening? did i do anything wrong.
On Wed, Aug 10, 2011 at 10:11 AM, pradyumna dash <neomatrixgem(a)gmail.com>wrote:
I have a query, lets take a scenario :
Assume we have 2 servers "Server1" and "Server2" and 2 groups
"ITTech", What is needed is like say when a user "bob" logging
in to "Server1" he will get the group "Admin", but when he logs in
"Server2" he will get group "ITTech". Also it may vary for different
like when "Kris" logs in to Server1 he may get a group called
when he logs in to "Server2" he will get some other group say
Can it be possible by OpenLDAP ? If this is achieved then we are planning
to have SUDO files based on the grooups.
It would be great if you can provide me some pointers or how-to.