On Tue, Oct 06, 2015 at 06:28:14PM +0200, Karl Forner wrote: > Hello, > > I had assumed sudo rules worked because I have an "allow_all for admins" > sudo rule that seemed to work, but I wonder if there is an implicit rule > for the special group admins ? > > > Because I have tried to replicate this allow_all rule for for other user > groups, and it does not seem to work at all. > What's strange is that "sudo -l" report the appropriate rules, but they do > not work. > > For instance, some users have: (ALL) ALL listed with sudo -l, but they can > not use sudo. > > My user has: > (root) NOPASSWD: /usr/bin/git status, /usr/local/bin/git status > (ALL) ALL > (root) NOPASSWD: /bin/chgrp qbstaff *, /bin/chmod g[+-]* *, /bin/chmod > -R g[+-]* * > (ALL) NOPASSWD: /usr/bin/less > (ALL) ALL > > but I'm prompted a password when doing "sudo /usr/bin/less". > > How can I debug this ?
Pavel (CC) has a nice sudo debug howto, maybe it would be helpful? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project