I am also seeing "secure_path" having no effect:

LDAP Role: dug_it
    RunAsUsers: ALL
    RunAsGroups: ALL
    Options: !authenticate, !requiretty, always_set_home, env_reset, !visiblepw, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", env_keep+="SINGULARITY_CACHEDIR SINGULARITY_TMPDIR SINGULARITY_DOCKER_LOGIN SINGULARITY_DOCKER_USERNAME SINGULARITY_DOCKER_PASSWORD SINGULARITY_NOHTTPS SINGULARITY_LIBRARY SINGULARITY_REMOTE", env_keep+="PIP_CACHE_DIR TMPDIR", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin\:/some/mount/bin
    Commands: ALL

Let's say I have a command under "/some/mount/bin" that is called "metrics". When I attempt to "sudo metrics" I end up with "sudo: metrics: command not found".

On Mon, Jan 11, 2021 at 9:25 AM Mark Potter <ma...@dug.com> wrote:

> I am trying to create a default sudo environment that is applied to all
> users in addition to anything from other groups. This would include things
> like "secure_path" and a few env lines. However, I cannot seem to get this
> to work. I understand that the highest number in "Sudo order" is processed
> first, but regardless of ordering I cannot seem to apply a default along
> with other sudo groups. I would expect that if this default was numbered
> "1" and everything else was higher that it would apply the Sudo options.
> What I'm seeing in practice is that the options aren't additive and if a
> higher numbered rule doesn't contain them that they are removed. Is this
> the expected behavior here?
>
> For example if I have:
>
> env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
>
> In a sudo group called "Default" and that group is set for all users on
> all hosts with Commands and As whom all set to "Specified" with Sudo order
> of 1, then a group called "IT" set for all users, all hosts, all
> commands, any user, any group with a Sudo order of 2, it appears that the
> Sudo options aren't applied and only what's set for "IT".
>
> If there is no inheritance I can work with that, but it would be brilliant
> if I have simply missed something simple and can configure a default set
> of options.
> --
>
> *Mark Potter*
>
> Senior Linux Administrator

--
*Mark Potter*
Senior Linux Administrator
DownUnder GeoSolutions
16200 Park Row Drive, Suite 100
Houston TX 77084, USA
tel +1 832 582 3221
ma...@dug.com
www.dug.com