On Tue, Aug 11, 2015 at 01:08:31PM +0200, Roberto Lucarelli wrote:
> Hello,
> i configured Freeipa server and sudo client is ok but now i want deny
> users to launch command passwd and sudo -r .
> My configuration provide that all commands are enable .
>
> I can not configure specific commands because users must manage many
> services such as postfix, apache, mysql etc and they must have access to
> different folders with different users and groups .
>
> Do you have any recommendations ?
I'm not sure this is possible with the ipa CLI. Also keep in mind that
allowing specific commands is generally preferable. Denying specific
commands and allowing the rest calls for trouble IMO..
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project