I have configured SUDO with OpenLDAP. I have created a group called "sysadm" and assign the below commands which the users belong to this group can execute. Now created a user called "bob" and assign him to this group. When am logging in as bob, and run
"sudo -l", its asking me for the password and after i put the correct password its showing me the "sudoCommand" list. But it also executes the command "!/sbin/route" too which he should not able to execute, why its happening? did i do anything wrong.
On Wed, Aug 10, 2011 at 10:11 AM, pradyumna dash <email@example.com>
I have a query, lets take a scenario :
Assume we have 2 servers "Server1" and "Server2" and 2 groups "Admin" and
"ITTech", What is needed is like say when a user "bob" logging
in to "Server1"
he will get the group "Admin", but when he logs in to "Server2" he will get
group "ITTech". Also it may vary for different users
like when "Kris" logs in
to Server1 he may get a group called "ITTech" and when he logs in to "Server2"
he will get some other group say "Security".
Can it be possible by OpenLDAP ? If this is achieved then we are planning to have SUDO files based on the grooups.
It would be great if you can provide me some pointers or how-to.