Hello Everyone,
We are facing an issue related with the Sudoers LDAP Backend.
We have an LDAP group that should be able to vi, tail and less all the files contained inside /var/log/. We are thinking about using wildcards, but it seems that the wildcards that work for the sudoers file do not work when the backend is LDAP.
E.g.:
dn: cn=%GroupEX,ou=SUDOers,dc=examples,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: %Sec_Analysts
description: Security Administrators group sudo rules
sudoCommand: /usr/bin/less /var/log/*
sudoCommand: /usr/bin/tail /var/log/*
sudoCommand: /usr/bin/head /var/log/*
sudoCommand: /usr/bin/vi /var/log/*
sudoCommand: /usr/bin/vim /var/log/*
sudoOption: !authenticate
sudoOrder: 115
sudoRunAsUser: root
sudoUser: %GroupEX
This only works when a user who belongs to GroupEX runs the commands as shown:
/usr/bin/less /var/log/*
/usr/bin/tail /var/log/*
...
But this does not work when the command is run as:
/usr/bin/less /var/log/warn
/usr/bin/tail /var/log/warn
Any ideas?
Using ACLs and file permissions is not an option here.
Thank you so much. Regards.
Dario Garcia Díaz-Miguel GGCS-SES Unit GGCS SKMF Infrastructure Division
On 10/7/21 13:51, Dario García Díaz-Miguel wrote:
> We have an LDAP group that should be able to vi, tail and less all the files contained inside /var/log/.
Bad idea because less and vi let the user escape to shell.
> We are thinking about using wildcards, but it seems that the wildcards that work for the sudoers file do not work when the backend is LDAP.
IMHO this question would be better asked on the sudo-users list:
https://www.sudo.ws/mailman/listinfo/sudo-users
On sudo-users there are people who can explain in more detail why you should not use sudo like that.
Especially granting read access to log files should be done by appropriate group ownership and file permissions/ACLs.
Some introduction to the security issues:
https://www.sweharris.org/post/2018-08-26-minimal-sudo/
Ciao, Michael.
I would also agree that this is probably better suited for the sudo-users list; however, I will add that in general you should allow the sudoedit program instead of allowing direct sudo use of vi, nano, emacs, etc.:
user@host:~$ ldapsearch -Y GSSAPI -QLLL -b "cn=pgsql-mgr-default,ou=SUDOers,dc=harmonywave,dc=cloud" | grep sudoedit
sudoCommand: sudoedit /etc/apt/*
sudoCommand: sudoedit /etc/docker/*
sudoCommand: sudoedit /etc/logrotate.d/postgresql-common
sudoCommand: sudoedit /etc/postgresql-common/*
sudoCommand: sudoedit /etc/postgresql-common/pg_upgradecluster.d/*
sudoCommand: sudoedit /etc/postgresql/*/main/*
sudoCommand: sudoedit /etc/postgresql/*/main/conf.d/*
This solves/avoids the root escalation issues with editors.
openldap-technical@openldap.org
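As an added illustration of the review the replies above recommend (not code from any poster on this thread), the following script parses sudoRole entries in LDIF and flags sudoCommand values that grant an interactive editor or pager directly instead of sudoedit, plus the !authenticate option. The sample LDIF, the group name and the list of flagged programs are constructed for this example.

```python
import os

# Constructed LDIF sample modelled on the sudoRole entry in the thread;
# the DN and group name are placeholders, not a real directory.
SAMPLE_LDIF = """\
dn: cn=%GroupEX,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: %GroupEX
sudoCommand: /usr/bin/less /var/log/*
sudoCommand: /usr/bin/tail /var/log/*
sudoCommand: /usr/bin/vi /var/log/*
sudoCommand: sudoedit /etc/postgresql/*/main/*
sudoOption: !authenticate
sudoRunAsUser: root
sudoUser: %GroupEX
"""

# Interactive programs the thread advises against granting directly
# (assumed list for this example); sudoedit or file ACLs are preferred.
INTERACTIVE_PROGRAMS = {"less", "more", "vi", "vim", "nano", "emacs"}


def parse_ldif(text):
    """Parse plain LDIF into a list of entries (attribute -> list of values).
    Folded continuation lines (leading space) are joined; base64 (::) values
    are not decoded, which is enough for sudoRole attributes."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line:
            if entry:
                entries.append(entry)
            entry = {}
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entries


def review_sudo_role(entry):
    """Return human-readable findings for one sudoRole entry."""
    findings = []
    for cmd in entry.get("sudoCommand", []):
        if os.path.basename(cmd.split()[0]) in INTERACTIVE_PROGRAMS:
            findings.append(f"{cmd}: interactive program, prefer sudoedit or file ACLs")
    if "!authenticate" in entry.get("sudoOption", []):
        findings.append("!authenticate: commands run without a password prompt")
    return findings
```

Run it over an ldapsearch -LLL dump of the ou=SUDOers subtree to list every role that still grants an editor or pager directly.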